cbcvebase.

Raspap Raspap-Webgui vulnerabilities

5 known vulnerabilities affecting raspap/raspap-webgui.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-24788P2HIGHCVSS 8.7vversions prior to 3.3.62026-02-02
CVE-2026-24788 [HIGH] CWE-78 CVE-2026-24788: RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If explo RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
nvd
CVE-2025-50428P2CRITICALCVSS 9.8≤ 3.3.22025-08-27
CVE-2025-50428 [CRITICAL] CWE-77 CVE-2025-50428: In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/ In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.
nvd
CVE-2024-36622P3CRITICALCVSS 9.8≤ 3.0.92024-11-29
CVE-2024-36622 [CRITICAL] CWE-94 CVE-2024-36622: In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog. In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
nvd
CVE-2024-2497P3HIGHCVSS 7.2v3.0.92024-03-15
CVE-2024-2497 [HIGH] CWE-94 CVE-2024-2497: A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affec A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public an
nvd
CVE-2025-44163P3MEDIUMCVSS 6.3v3.3.12025-06-27
CVE-2025-44163 [MEDIUM] CWE-23 CVE-2025-44163: RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.
nvd
Raspap Raspap-Webgui vulnerabilities | cvebase