PT-2021-20124 · Raspap · Raspap

Published: 2021-06-09 · Updated: 2021-06-21 · CVE-2021-33356

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: RaspAP versions 1.5 through 2.6.5

Description: The issue allows an authenticated remote attacker to inject arbitrary commands into the /installers/common.sh component, resulting in remote command execution with root privileges.

Recommendations: For RaspAP versions 1.5 through 2.6.5, update to a version that contains a fix for this issue to prevent remote command execution with root privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2021-33356

Affected Products

Raspap