Vulnerabilities > Raspap > Raspap > 2.6.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-30260 | Command Injection vulnerability in Raspap Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | 8.8 |
| 2021-06-09 | CVE-2021-33356 | Improper Privilege Management vulnerability in Raspap Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | 9.0 |
| 2021-06-09 | CVE-2021-33357 | OS Command Injection vulnerability in Raspap A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | 7.5 |
| 2021-06-09 | CVE-2021-33358 | OS Command Injection vulnerability in Raspap Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | 9.0 |