Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RaspAP 操作系统命令注入漏洞
Vulnerability Description
RaspAP是应用软件基于 Debian 的设备的简单无线 AP 设置和管理 RaspAP存在操作系统命令注入漏洞,该漏洞源于在RaspAP 2.6版本到2.6.5版本中未正确过滤在/hostapd的“interface”、“ssid”、“wpa_passphrase”POST参数中“;”、“$()”等特殊字符。攻击者利用该漏洞就可以执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A