cbcvebase.

Fruitywifi Project Fruitywifi vulnerabilities

5 known vulnerabilities affecting fruitywifi_project/fruitywifi.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-17317P2CRITICALCVSS 9.8v2.12018-09-21
CVE-2018-17317 [CRITICAL] CWE-78 CVE-2018-17317: FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_
nvd
CVE-2018-19168P3CRITICALCVSS 9.8≤ 2.42018-11-11
CVE-2018-19168 [CRITICAL] CVE-2018-19168: Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) t Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
nvd
CVE-2020-24849P3HIGHCVSS 8.8≤ 2.42020-11-05
CVE-2020-24849 [HIGH] CVE-2020-24849: A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly esc A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
nvd
CVE-2020-24848P3HIGHCVSS 7.8≤ 2.42020-10-23
CVE-2020-24848 [HIGH] CWE-269 CVE-2020-24848: FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
nvd
CVE-2020-24847P4MEDIUMCVSS 4.3≤ 2.42020-10-23
CVE-2020-24847 [MEDIUM] CWE-352 CVE-2020-24847: A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_p
nvd
Fruitywifi Project Fruitywifi vulnerabilities | cvebase