CVE-2024-41637

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-41637

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41637.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41637

Aliases

GHSA-q623-2j2j-23jj

Published

2024-07-29T06:15:02.267Z

Modified

2026-03-14T12:35:44.249093Z

Severity

8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.

References

Affected packages

Git / github.com/RaspAP/raspap-webgui

Affected ranges

Type

GIT

Repo

https://github.com/RaspAP/raspap-webgui

Events

Introduced

Fixed

90d63a679d1c92b3d71d816c1ace82092c849476

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.5"
        }
    ]
}

Affected versions

1.*

1.0

1.3.1

1.4.0

1.4.1

1.5

1.5.1

1.6

1.6.1

1.6.2

2.*

2.0

2.1

2.2

2.3

2.3.1

2.4

2.4-beta

2.4.1

2.5

2.5.1

2.5.2

2.6

2.6-beta

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0

3.0-beta

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41637.json"