CVE-2021-38557

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RaspAP version 2.6.6

Description The issue allows attackers to execute commands as root due to insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password. Moreover, the www-data account can overwrite /etc/raspap/hostapd/enablelog.sh with any executable content, further escalating the attack.

Recommendations For RaspAP version 2.6.6, consider restricting the www-data account's access to /etc/raspap/hostapd/enablelog.sh to prevent unauthorized execution and modification. As a temporary workaround, consider disabling the execution of /etc/raspap/hostapd/enablelog.sh as root until a patch is available.

Exploit

Fix

Incorrect Default Permissions

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-732

Related Identifiers

CVE-2021-38557

GHSA-536P-4PCJ-5MR9

Affected Products

Raspap

CVE-2021-38557

Weakness Enumeration

Related Identifiers

Affected Products

References · 7