
CVE-2024-41637: RaspAP allows an attacker to escalate privileges

CVSS Score (v3.1): 10

Basic Information

EPSS Score: 0.26893%
Published: 7/29/2024
Updated: 8/2/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| billz/raspap-webgui | composer | <= 3.1.4 | |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from two key factors:

  1. Improper file permissions: The restapi.service file is writable by www-data, allowing modification of systemd service commands.
  2. Excessive sudo privileges: www-data can execute systemctl and reboot commands without authentication.

While specific function names aren't provided in the advisory, the attack flow demonstrates that:

  • The ability to modify restapi.service (CWE-269) enables command injection via service configuration (CWE-77)
  • Sudo privileges allow these modified commands to execute as root

These manifest in the systemd service definition and sudoers configuration files rather than discrete application functions, as the vulnerability is primarily a misconfiguration issue.
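
A defender-side check for the two conditions described above, added here as an example and not taken from the advisory or from RaspAP: it reports whether a unit file can be modified without root and which of the named commands a user may run through sudo with NOPASSWD. The sudoers sample is constructed, the unit file path is supplied by the caller, and the parser is an assumption-level simplification that reads only plain one-line user entries (no aliases or includes).

```python
import os
import re
import stat
import sys

# Commands the page names as runnable by www-data without a password.
RISKY = ("systemctl", "reboot")

# Constructed sample for illustration, not RaspAP's shipped sudoers file.
SAMPLE_SUDOERS = """\
# web UI entries (constructed)
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start restapi.service
www-data ALL=(ALL) NOPASSWD:/sbin/reboot
www-data ALL=(ALL) NOPASSWD:/sbin/ifup wlan0
root ALL=(ALL:ALL) ALL
"""

def nonroot_writable(mode, uid, gid):
    """True if a file with this mode and ownership can be modified without root."""
    return bool((mode & stat.S_IWOTH)
                or (mode & stat.S_IWGRP and gid != 0)
                or (mode & stat.S_IWUSR and uid != 0))

def nopasswd_commands(sudoers_text, user):
    """Risky commands that `user` may run through sudo with NOPASSWD."""
    hits = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)", line)
        if not m or m.group(1) != user:
            continue
        for cmd in m.group(2).split(","):
            words = cmd.split()
            if words and os.path.basename(words[0]) in RISKY:
                hits.append(cmd.strip())
    return hits

def audit(unit_path, sudoers_text, user="www-data"):
    """Report both conditions and whether they combine into the escalation path."""
    st = os.stat(unit_path)
    writable = nonroot_writable(st.st_mode, st.st_uid, st.st_gid)
    cmds = nopasswd_commands(sudoers_text, user)
    chained = writable and any("systemctl" in c for c in cmds)
    return {"unit_writable": writable, "nopasswd": cmds, "escalation_path": chained}

if __name__ == "__main__":
    # Usage: audit.py <path to restapi.service> <sudoers file>
    with open(sys.argv[2]) as fh:
        print(audit(sys.argv[1], fh.read()))
```

Either finding is worth fixing on its own; `escalation_path` is true only when the writable unit file and a passwordless `systemctl` entry are both present.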
