VYPR

Fruitywifi

by Patatasfritas

CVEs (3)

  • CVE-2018-17317CriSep 21, 2018
    risk 0.64cvss 9.8epss 0.04

    FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or…

  • CVE-2020-24849Nov 5, 2020
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is…

  • CVE-2020-24848Oct 23, 2020
    risk 0.00cvss epss 0.00

    FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.