Vulnerabilities > Raspap

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2022-39986 Command Injection vulnerability in Raspap
A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
network
low complexity
raspap CWE-77
critical
9.8
2023-08-01 CVE-2022-39987 Command Injection vulnerability in Raspap
A command injection vulnerability in RaspAP 2.8.0 through 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
network
low complexity
raspap CWE-77
8.8
2023-06-23 CVE-2023-30260 Command Injection vulnerability in Raspap
A command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form.
network
low complexity
raspap CWE-77
8.8
2021-08-24 CVE-2021-38556 Command Injection vulnerability in Raspap 2.6.6
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.
network
low complexity
raspap CWE-77
8.8
2021-08-24 CVE-2021-38557 Incorrect Permission Assignment for Critical Resource vulnerability in Raspap 2.6.6
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of insecure sudoers permissions.
network
low complexity
raspap CWE-732
8.8
2021-06-09 CVE-2021-33356 Improper Privilege Management vulnerability in Raspap
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands into the /installers/common.sh component, which can result in remote command execution with root privileges.
network
low complexity
raspap CWE-269
8.8
2021-06-09 CVE-2021-33357 OS Command Injection vulnerability in Raspap
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php: when the "iface" parameter value contains special characters such as ";", an unauthenticated attacker can execute arbitrary OS commands.
network
low complexity
raspap CWE-78
critical
9.8
2021-06-09 CVE-2021-33358 OS Command Injection vulnerability in Raspap
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd: when the parameter values contain special characters such as ";" or "$()", an authenticated attacker can execute arbitrary OS commands.
network
low complexity
raspap CWE-78
8.8
2020-08-24 CVE-2020-24572 OS Command Injection vulnerability in Raspap 2.5
An issue was discovered in includes/webconsole.php in RaspAP 2.5.
network
low complexity
raspap CWE-78
8.8