CVE-2022-39986

RaspAP 2.8.7 Unauthenticated Command Injection

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Una vulnerabilidad de inyección de comandos en RaspAP afecta a las versiones desde la 2.8.0 a la 2.8.7, la cual permite a atacantes no autenticados ejecutar comandos arbitrarios a través del parámetro cfg_id en /ajax/openvpn/activate_ovpncfg.php y /ajax/openvpn/del_ovpncfg.php.

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2022-09-06 CVE Reserved
2023-08-01 CVE Published
2023-08-16 First Exploit
2024-10-21 CVE Updated
2024-10-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (7)

URL	Tag	Source
http://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html
https://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2
https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2
https://github.com/advisories/GHSA-7c28-wg7r-pg6f

URL	Date	SRC
https://github.com/tucommenceapousser/RaspAP-CVE-2022-39986-PoC	2023-08-16
https://github.com/mind2hex/CVE-2022-39986	2023-11-28

URL	Date	SRC

URL	Date	SRC
https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Raspap Search vendor "Raspap"		Raspap Search vendor "Raspap" for product "Raspap"				>= 2.8.0 <= 2.8.7 Search vendor "Raspap" for product "Raspap" and version " >= 2.8.0 <= 2.8.7"		-		Affected