CVE-2022-39987
published 2023-08-01CVE-2022-39987: A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST…
PriorityP270high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
34.66%
98.2th percentile
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| billz | raspap-webgui | >= 2.8.0 < 2.9.5 | 2.9.5 |
| raspap | raspap | 2.8.0 – 2.9.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
RaspAP Command Injection vulnerability
osv·2023-08-01
CVE-2022-39987 [HIGH] RaspAP Command Injection vulnerability
RaspAP Command Injection vulnerability
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the `entity` POST parameters in `/ajax/networking/get_wgkey.php`.
GHSA
RaspAP Command Injection vulnerability
ghsa·2023-08-01
CVE-2022-39987 [HIGH] CWE-77 RaspAP Command Injection vulnerability
RaspAP Command Injection vulnerability
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the `entity` POST parameters in `/ajax/networking/get_wgkey.php`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.phphttps://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.phphttps://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2
2023-08-01
Published