CVE-2024-41637

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41637

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41637.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41637

Aliases

GHSA-q623-2j2j-23jj

Published

2024-07-29T06:15:02.267Z

Modified

2025-11-20T12:28:12.356887Z

Severity

8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.

References

Affected packages

Git / github.com/raspap/raspap-webgui

Affected ranges

Type: GIT
Repo: https://github.com/raspap/raspap-webgui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

90d63a679d1c92b3d71d816c1ace82092c849476

Affected versions

1.*

1.0

1.3.1

1.4.0

1.4.1

1.5

1.5.1

1.6

1.6.1

1.6.2

2.*

2.0

2.1

2.2

2.3

2.3.1

2.4

2.4-beta

2.4.1

2.5

2.5.1

2.5.2

2.6

2.6-beta

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0

3.0-beta

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41637.json"