CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-33356

HIGH
8.8
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile8.13th
Published2021年6月9日
Last Modified2024年11月21日

Vulnerability Description

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.

Affected Platforms (CPE)

📦
Raspap

Raspap

>= 1.5 and <= 2.6.5

References & Advisories

🔗 https://gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L216
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L231
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L314
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L407
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L510
🔗 https://gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf
🔗 https://github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L216

相关漏洞威胁

CVE-2021-333579.8

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" pa...

CVE-2020-245728.8

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (...

CVE-2021-333588.8

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd,...

CVE-2021-385568.8

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.