cbcvebase.
CVE-2022-39987
published 2023-08-01

CVE-2022-39987: A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST…

PriorityP270high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
34.66%
98.2th percentile
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.

Affected

2 ranges
VendorProductVersion rangeFixed in
billzraspap-webgui>= 2.8.0 < 2.9.52.9.5
raspapraspap2.8.0 – 2.9.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.