CVE-2022-39986 : A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthentica

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Published 2023-08-01 14:15:10

Updated 2023-08-15 17:15:10

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-39986

Raspap » Raspap
Versions from including (>=) 2.8.0 and up to, including, (<=) 2.8.7
cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-39986

EPSS FAQ

92.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2022-39986

RaspAP Unauthenticated Command Injection

Disclosure Date: 2023-07-31

First seen: 2023-09-11

exploit/unix/http/raspap_rce

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary comma

More information

CVSS scores for CVE-2022-39986

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-39986

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-39986

https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2

Multiple Vulnerabilities in RaspAP | by Ismael0x00 | Jul, 2023 | Medium
Exploit;Third Party Advisory

CVEs referencing this url
https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php

raspap-webgui/ajax/openvpn/activate_ovpncfg.php at master · RaspAP/raspap-webgui · GitHub
Vendor Advisory
http://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html

RaspAP 2.8.7 Unauthenticated Command Injection ≈ Packet Storm

Jump to