High severity8.3NVD Advisory· Published Jul 29, 2024· Updated Apr 15, 2026

CVE-2024-41637

Description

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
billz/raspap-webguiPackagist	<= 3.1.4	—

Patches

90d63a679d1c

https://github.com/RaspAP/raspap-webguivia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-q623-2j2j-23jjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-41637ghsaADVISORY
blog.0xzon.dev/2024-07-27-CVE-2024-41637ghsaWEB
blog.0xzon.dev/2024-07-27-CVE-2024-41637/nvd

News mentions

No linked articles in our index yet.

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000