Severity: 9.9 - Critical Severity
|RaspAP prior to version 2.6.6 is vulnerable to Privilege Escalation.|
RaspAP prior to 2.6.6
Chaning this vulnerability with another one (see CVE-2021-33357 and CVE-2021-33358) enables an attacker to execute arbitrary commands with root privilages on the RaspAP instance.
- Using CVE-2021-33357 or CVE-2021-33358, appent a command to /etc/raspap/lighttpd/configport.sh.
- Run the script with sudo. You won’t be asked for a password and the command will be run as root.
The file should only be editable to root.
This issue was fixed in version 2.6.6 through the commit.
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
This issue was discovered and reported by Checkmarx Security Researcher Omri Inbar.
- Commit (cae2031)