CVE-2020-24572

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24572

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24572.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-24572

Published

2020-08-24T20:15:10.300Z

Modified

2026-04-10T04:25:33.669900Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).

References

Affected packages

Git / github.com/billz/raspap-webgui

Affected ranges

Type: GIT
Repo: https://github.com/billz/raspap-webgui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dd5ab7bdc213381ee552001dd80c41ca47afab00

Type

GIT

Repo

https://github.com/raspap/raspap-webgui

Events

Introduced

Last affected

b02660d5ff8d9faa5d3ef49778b23e832851e0f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5"
        }
    ]
}

Affected versions

1.*

1.3.1

1.4.0

1.4.1

1.5

1.5.1

1.6

1.6.1

1.6.2

2.*

2.0

2.2

2.3

2.3.1

2.4

2.4-beta

2.4.1

2.5

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24572.json"