Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-09T17:53:28
Updated: 2024-08-03T23:50:42.412Z
Reserved: 2021-05-20T00:00:00
Link: CVE-2021-33358
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-09T18:15:08.710
Modified: 2024-11-21T06:08:45.310
Link: CVE-2021-33358
Redhat
No data.