PT-2020-15746 · Raspap · Raspap

Lb0X · Published 2020-08-24 · Updated 2020-09-01 · CVE-2020-24572

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RaspAP version 2.5

Description

An issue in the includes/webconsole.php file allows an attacker with authenticated access to exploit a misconfigured web console. This can lead to attacks on the underlying OS, which is typically a Raspberry Pi system running this software. The exploitation can result in the execution of system commands, including those for uploading files and executing code.

Recommendations

For RaspAP version 2.5, consider restricting access to the web console and limiting the execution of system commands to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the web console until a patch or configuration fix is available.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-24572

Affected Products

Raspap