Created
May 28, 2021 19:14
-
-
Save omriinbar/52c000c02a6992c6ce68d531195f69cf to your computer and use it in GitHub Desktop.
RaspAP Vulnerabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2021-33356 | |
| Vulnerable Product Version: RaspAP 1.5 to (and including) 2.6.5 | |
| Vulnerability Type: Privilege Escalation due to Execution with Unnecessary Privileges (CWE-250) | |
| Description: Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | |
| CVE-2021-33357 | |
| Vulnerable Product Version: RaspAP 2.6 to (and including) 2.6.5 | |
| Vulnerability Type: OS Command Injection (CWE-78) | |
| Description: A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | |
| CVE-2021-33358 | |
| Vulnerable Product Version: RaspAP 2.3 to (and including) 2.6.5 | |
| Vulnerability Type: OS Command Injection (CWE-78) | |
| Description: Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameter in /hostapd, when the parameters values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment