CVE-2021-38556 — HIGH (8.8)

Vulnerability Description

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Raspap	Raspap	2.6.6

Related Weaknesses (CWE)

CWE-77

References

https://github.com/RaspAP/raspap-webguiProduct
https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179Third Party Advisory
https://zerosecuritypenetrationtesting.com/?page_id=306ExploitThird Party AdvisoryVDB Entry
https://github.com/RaspAP/raspap-webguiProduct
https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179Third Party Advisory
https://zerosecuritypenetrationtesting.com/?page_id=306ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2021-38556?

CVE-2021-38556 is a vulnerability with a CVSS score of 8.8 (HIGH). includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

How severe is CVE-2021-38556?

CVE-2021-38556 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-38556?

Check the references section above for vendor advisories and patch information. Affected products include: Raspap Raspap.