Skip to main content

Raspap

10 CVEs product

Monthly

CVE-2024-2497 PHP HIGH POC This Week

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical.php of the component HTTP POST Request Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Raspap
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-28754 PHP HIGH POC PATCH This Week

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Raspap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-28753 MEDIUM POC This Month

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-30260 PHP HIGH POC PATCH This Week

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-38557 PHP HIGH POC This Week

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-38556 PHP HIGH POC THREAT This Week

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
13.0%
CVE-2021-33358 HIGH POC This Week

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-33357 CRITICAL POC THREAT Act Now

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-33356 HIGH POC This Week

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-24572 HIGH POC PATCH This Week

An issue was discovered in includes/webconsole.php in RaspAP 2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
6.8%
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical.php of the component HTTP POST Request Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Raspap
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Raspap
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD GitHub
EPSS 13% CVSS 8.8
HIGH POC THREAT This Week

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Raspap
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Raspap
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in includes/webconsole.php in RaspAP 2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Raspap
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy