
CVE-2021-38557: raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.

CVSS Score (v3.1): 8.8

Basic Information

EPSS Score: 0.71695%
Published: 9/2/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name: billz/raspap-webgui
Ecosystem: composer
Vulnerable Versions: <= 2.6.6
First Patched Version: (not listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from two issues that are only dangerous in combination: 1) the sudoers configuration lets the www-data user run /etc/raspap/hostapd/enablelog.sh as root without a password, and 2) www-data can write to that script. Any code that runs as www-data (for example, after a web-application compromise of raspap-webgui) can overwrite the script with arbitrary commands and then invoke it through sudo, gaining root. Neither a NOPASSWD rule for a root-owned, non-writable script nor a writable script without a sudo rule would be exploitable on its own; the insecure permission assignment (CWE-732) on a resource that sudo executes with full privileges is what makes the script a privilege-escalation path. The same pattern applies to any sudo target whose file, or whose parent directory, is writable by the account allowed to run it, so remediation has to cover both the sudoers rule and the filesystem permissions of the target.
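The check below is an added example written for this page; it is not RaspAP's code or part of Miggo's analysis. It parses sudoers-style NOPASSWD rules (a simplified grammar covering `user HOST=(runas) NOPASSWD: cmd, cmd` lines, not aliases or includes), then asks whether the rule's user could overwrite each target, either directly via mode bits on the file or by replacing it through a writable parent directory. The sudoers text is a constructed sample that reproduces the shape described above; the real RaspAP sudoers file is not reproduced here. ACLs, capabilities and symlink tricks are outside what this check covers, so a real audit should also inspect `getfacl` output.

```python
"""
Audit sudoers NOPASSWD rules for targets the rule's user can overwrite,
the CVE-2021-38557 pattern: sudo runs a script as root that the calling
account is also allowed to modify. Added example, not RaspAP code.
"""
import os
import re
import stat
import tempfile
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input (not RaspAP's actual sudoers file). The first rule
# has the shape described in the advisory; the others are control cases.
SAMPLE_SUDOERS = """\
# /etc/sudoers.d/raspap (constructed example)
Defaults env_reset
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
www-data ALL=(ALL) NOPASSWD:/sbin/ifdown wlan0, /sbin/ifup wlan0
backup ALL=(root) NOPASSWD: /usr/local/bin/rotate.sh
"""

# user  host=(runas)  TAG:TAG:  cmd[, cmd...]   (simplified sudoers grammar)
RULE_RE = re.compile(
    r"^(?P<user>[^\s#%+]\S*)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)


def parse_nopasswd_rules(text: str) -> Dict[str, List[str]]:
    """Return {user: [executable paths]} for every NOPASSWD rule in text."""
    rules: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m or "NOPASSWD" not in m.group("tags").upper():
            continue
        for cmd in m.group("cmds").split(","):
            path = cmd.strip().split()[0]  # keep the executable, drop arguments
            rules.setdefault(m.group("user"), []).append(path)
    return rules


def writable_reason(path: str, uid: int, gids: Set[int]) -> Optional[str]:
    """Explain how a user with (uid, gids) could modify or replace path, or None.
    Only classic mode bits are considered; POSIX ACLs are not checked."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None

    def can_write(s: os.stat_result) -> Optional[str]:
        if s.st_uid == uid and s.st_mode & stat.S_IWUSR:
            return "owner"
        if s.st_gid in gids and s.st_mode & stat.S_IWGRP:
            return "group"
        if s.st_mode & stat.S_IWOTH:
            return "other"
        return None

    who = can_write(st)
    if who:
        return f"file writable via {who} bits"
    # A writable parent directory lets the user rename a new file into place.
    # With the sticky bit set only the directory owner can replace others' files.
    parent = os.stat(os.path.dirname(path) or ".")
    who = can_write(parent)
    if who and (who == "owner" or not parent.st_mode & stat.S_ISVTX):
        return f"parent directory writable via {who} bits (file can be replaced)"
    return None


def audit(sudoers_text: str, identities: Dict[str, Tuple[int, Set[int]]],
          path_prefix: str = "") -> List[Tuple[str, str, str]]:
    """identities maps sudoers user -> (uid, {gids}); path_prefix lets the
    demo point the absolute sudoers paths at a scratch tree."""
    findings = []
    for user, paths in parse_nopasswd_rules(sudoers_text).items():
        if user not in identities:
            continue
        uid, gids = identities[user]
        for p in paths:
            reason = writable_reason(path_prefix + p, uid, gids)
            if reason:
                findings.append((user, p, reason))
    return findings


def demo() -> Tuple[List[Tuple[str, str, str]], List[Tuple[str, str, str]]]:
    """Rebuild the vulnerable and hardened layouts in a scratch tree and
    return (findings_vulnerable, findings_hardened)."""
    script = "/etc/raspap/hostapd/enablelog.sh"
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        full = root + script
        os.makedirs(os.path.dirname(full), mode=0o755)
        with open(full, "w") as f:
            f.write("#!/bin/sh\necho logging enabled\n")
        # Vulnerable: the account allowed to sudo the script also owns a
        # writable copy of it (www-data is modelled as the current uid).
        os.chmod(full, 0o664)
        vulnerable = audit(SAMPLE_SUDOERS, {"www-data": (me, set())}, root)
        # Hardened: root-owned, mode 0755. The demo cannot chown to root, so
        # www-data is modelled as a uid that is neither owner nor group member.
        os.chmod(full, 0o755)
        hardened = audit(SAMPLE_SUDOERS, {"www-data": (me + 1, set())}, root)
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, fixed = demo()
    for finding in vuln:
        print("VULNERABLE:", *finding)
    print("after hardening:", fixed or "no findings")
```

Run it as-is to see the scratch-tree demo; on a live host, feed it the contents of /etc/sudoers and /etc/sudoers.d/* with `path_prefix=""` and real uid/gid lookups from the `pwd` and `grp` modules. The rules for targets that do not exist are skipped silently, which is itself worth reporting in a real audit, since a NOPASSWD rule for a missing file in a directory www-data can write to is the same bug in waiting.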


WAF Protection Rules

WAF Rule

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also
