Severity: 10 (Critical)
RaspAP prior to version 2.6.6 is vulnerable to Unauthenticated Command Injection.
Affected versions: RaspAP prior to 2.6.6
An unauthenticated attacker can execute arbitrary OS commands on any RaspAP instance running a version prior to 2.6.6. The commands run with the privileges of the web application process rather than as root; the issue can be chained with a separate privilege escalation vulnerability (CVE-2021-33356) to obtain root on the host.
The injected command executes on the RaspAP host itself, not in the attacker's browser.
This issue was fixed in version 2.6.6 through commit cae2031.
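To make the vulnerability class concrete, the following is an added illustration written for this page; it is not RaspAP's code, and the affected RaspAP endpoint and parameter are not described here. It uses a hypothetical handler that takes a user-supplied name and runs a command with it: the vulnerable form interpolates the value into a shell string, the hardened form validates the value against an allowlist and passes it as a single argv element so no shell ever parses it. `echo` stands in for whatever privileged command such a handler would run.

```python
import re
import subprocess

# Constructed example (hypothetical handler, NOT RaspAP's code):
# a web request hands us a "name" string that ends up in a shell command.


def run_vulnerable(name: str) -> str:
    """Interpolates untrusted input into a shell string: command injection."""
    # With shell=True the shell parses metacharacters (; | & $( ) ...) inside
    # `name`, so whoever controls `name` controls what executes.
    completed = subprocess.run(
        f"echo using {name}",
        shell=True,
        capture_output=True,
        text=True,
        check=False,
    )
    return completed.stdout


# Allowlist: only characters a legitimate config/interface name needs.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_safe_name(name: str) -> bool:
    """True only if the whole value matches the allowlist."""
    return SAFE_NAME.fullmatch(name) is not None


def run_hardened(name: str) -> str:
    """Rejects anything outside the allowlist and never hands input to a shell."""
    if not is_safe_name(name):
        raise ValueError("rejected unsafe name")
    # argv list: `name` is delivered to the program as one argument; no shell
    # is involved, so metacharacters cannot start a second command.
    completed = subprocess.run(
        ["echo", "using", name],
        capture_output=True,
        text=True,
        check=False,
    )
    return completed.stdout


if __name__ == "__main__":
    payload = "x; echo INJECTED"
    print(run_vulnerable(payload), end="")   # second command runs
    try:
        run_hardened(payload)
    except ValueError as err:
        print("hardened:", err)
    print(run_hardened("wlan0"), end="")
```

The allowlist is the important part: escaping a shell string (for example with `escapeshellarg` in PHP) is a weaker fallback, because it still depends on the shell's quoting rules being applied correctly everywhere the value is used, whereas an argv list plus a strict character allowlist removes the shell from the path entirely.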
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
This issue was discovered and reported by Checkmarx Security Researcher Omri Inbar.
- Commit (cae2031)