CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-24572

HIGH
8.8
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile38.66th
Published2020年8月24日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).

Affected Platforms (CPE)

📦
Raspap

Raspap

= 2.5

References & Advisories

🔗 https://deadb0x.io/lunchb0x/cve-2020-24572/
🔗 https://github.com/billz/raspap-webgui/commit/dd5ab7bdc213381ee552001dd80c41ca47afab00
🔗 https://github.com/billz/raspap-webgui/releases
🔗 https://github.com/lb0x
🔗 https://deadb0x.io/lunchb0x/cve-2020-24572/
🔗 https://github.com/billz/raspap-webgui/commit/dd5ab7bdc213381ee552001dd80c41ca47afab00
🔗 https://github.com/billz/raspap-webgui/releases
🔗 https://github.com/lb0x

関連する脆弱性情報

CVE-2021-333579.8

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" pa...

CVE-2021-333568.8

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitr...

CVE-2021-333588.8

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd,...

CVE-2021-385568.8

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.