Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-09T17:53:28

Updated: 2024-08-03T23:50:42.412Z

Reserved: 2021-05-20T00:00:00

Link: CVE-2021-33358

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-09T18:15:08.710

Modified: 2024-11-21T06:08:45.310

Link: CVE-2021-33358

cve-icon Redhat

No data.