CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-38556

HIGH
8.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile22.67th
Published2021年8月24日
Last Modified2024年11月21日

Vulnerability Description

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

Affected Platforms (CPE)

📦
Raspap

Raspap

= 2.6.6

References & Advisories

🔗 https://github.com/RaspAP/raspap-webgui
🔗 https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
🔗 https://zerosecuritypenetrationtesting.com/?page_id=306
🔗 https://github.com/RaspAP/raspap-webgui
🔗 https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
🔗 https://zerosecuritypenetrationtesting.com/?page_id=306

関連する脆弱性情報

CVE-2021-333579.8

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" pa...

CVE-2020-245728.8

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (...

CVE-2021-333568.8

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitr...

CVE-2021-333588.8

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd,...

CVE-2021-38556 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space