Описание
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.6 (включая) до 2.6.5 (включая)
cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.94007
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
EPSS
Процентиль: 100%
0.94007
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78