CVE-2021-38557: raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
CVSS Score: 8.8 (CVSS v3.1)
Basic Information
CVE ID: CVE-2021-38557
EPSS Score: 0.71695%
CWE: CWE-732
Published: 9/2/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| billz/raspap-webgui | composer | <= 2.6.6 | |
Vulnerability Intelligence (Miggo AI)
Root Cause Analysis
The vulnerability stems from two issues that combine: (1) the sudoers file grants the www-data user passwordless (NOPASSWD) root execution of /etc/raspap/hostapd/enablelog.sh, and (2) www-data has write permission on that same script. Any code running as www-data can therefore replace the script's contents and then invoke it through sudo, so the replacement runs as root. The insecure permission assignment (CWE-732), a privileged resource writable by the very account that is allowed to execute it as root, is what makes the sudo rule exploitable.
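As an added, defender-side check (not code from the advisory or from RaspAP): a small Python audit that flags the pattern described above, a NOPASSWD sudo rule whose command target the granted user can itself modify. The sudoers text, file ownerships and group membership below are constructed samples; on a real host they would come from /etc/sudoers, os.stat, pwd and grp.

```python
import stat

def parse_sudoers(text):
    """(user, tags, command_path) per command of each user rule; simplified grammar
    'user host = (runas) TAG: cmd1, cmd2'. Tags carry over to later commands."""
    skip = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias", "@")
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line or line.startswith(skip):
            continue
        user_spec, cmd_spec = line.split("=", 1)
        user = user_spec.split()[0]
        if cmd_spec.lstrip().startswith("("):  # drop the (runas) part
            cmd_spec = cmd_spec.split(")", 1)[1]
        tags = set()
        for cmd in cmd_spec.split(","):
            tokens = cmd.split()
            while tokens and tokens[0].endswith(":"):
                tag = tokens.pop(0)[:-1]
                tags.discard("NOPASSWD") if tag == "PASSWD" else tags.add(tag)
            if tokens:
                rules.append((user, frozenset(tags), tokens[0]))
    return rules

def writable_by(user, groups, owner, group, mode):
    """True if user can modify the file; the owner always can (it may chmod)."""
    return (owner == user or (group in groups and bool(mode & stat.S_IWGRP))
            or bool(mode & stat.S_IWOTH))

def audit(sudoers_text, file_info, user_groups):
    """(user, path) pairs where a NOPASSWD rule lets a user run, as root, a file that
    user can rewrite. file_info: path -> (owner, group, mode); user_groups: user -> groups."""
    findings = []
    for user, tags, path in parse_sudoers(sudoers_text):
        if "NOPASSWD" not in tags or path == "ALL" or path not in file_info:
            continue
        owner, group, mode = file_info[path]
        if writable_by(user, user_groups.get(user, set()), owner, group, mode):
            findings.append((user, path))
    return findings
# Constructed sample modelled on the advisory, not RaspAP's real sudoers file.
SAMPLE_SUDOERS = """\
root ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: /etc/raspap/hostapd/enablelog.sh, /sbin/ifdown
"""
SAMPLE_GROUPS = {"www-data": {"www-data"}}
VULNERABLE_FILES = {"/sbin/ifdown": ("root", "root", 0o100755),  # script is www-data's
                    "/etc/raspap/hostapd/enablelog.sh": ("www-data", "www-data", 0o100755)}
FIXED_FILES = {**VULNERABLE_FILES,  # after chown root:root on the script
               "/etc/raspap/hostapd/enablelog.sh": ("root", "root", 0o100755)}
```

Against the vulnerable ownership the audit reports the www-data/enablelog.sh pair; once the script is root-owned and not group- or world-writable, the same rule produces no finding.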