High severityNVD Advisory· Published Aug 24, 2021· Updated Aug 4, 2024
CVE-2021-38557
CVE-2021-38557
Description
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
billz/raspap-webguiPackagist | <= 2.6.6 | — |
Affected products
2- RaspAP/RaspAPdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-536p-4pcj-5mr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38557ghsaADVISORY
- github.com/RaspAP/raspap-webgui/blob/fabc48c7daae4013b9888f266332e510b196a062/installers/raspap.sudoersghsax_refsource_MISCWEB
- zerosecuritypenetrationtesting.comghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.