CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 3CVE-2022-39986 – RaspAP 2.8.7 Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2022-39986
01 Aug 2023 — A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Una vulnerabilidad de inyección de comandos en RaspAP afecta a las versiones desde la 2.8.0 a la 2.8.7, la cual permite a atacantes no autenticados ejecutar comandos arbitrarios a través del parámetro cfg_id en /ajax/openvpn/activate_ovpncfg.php y /ajax/openvpn/del_ovpncfg.php. RaspAP is f... • https://packetstorm.news/files/id/174190 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2022-39987
https://notcve.org/view.php?id=CVE-2022-39987
01 Aug 2023 — A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. Vulnerabilidad de inyección de comandos en RaspAP que afecta desde la versión 2.8.0 hasta la 2.9.2, la cual permite a un atacante autenticado ejecutar comandos arbitrarios del sistema operativo como root a través de los parámetros POST "entity" en /ajax/networking/get_wgkey.php. • https://github.com/miguelc49/CVE-2022-39987-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30260
https://notcve.org/view.php?id=CVE-2023-30260
23 Jun 2023 — Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. • https://eldstal.se/advisories/230328-raspap.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •