CVE-2023-30260

Name of the Vulnerable Software and Affected Versions RaspAP raspap-webgui versions 2.8.8 and earlier

Description A command injection issue allows remote attackers to execute arbitrary commands by sending a crafted POST request to the hostapd settings form. This can be achieved via the hostapd settings form, which is vulnerable to command injection attacks. The POST request is used to exploit this issue.

Recommendations For versions 2.8.8 and earlier, consider disabling the hostapd settings form until a patch is available to prevent command injection attacks. Restrict access to the raspap-webgui to minimize the risk of exploitation. Avoid using the vulnerable form in the affected API endpoint until the issue is resolved.