module

RaspAP Unauthenticated Command Injection

Disclosed
2023-07-31
Created
2023-08-15

Description

RaspAP is feature-rich wireless router software that just works
on many popular Debian-based devices, including the Raspberry Pi.
A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows
unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id
parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Successfully tested against RaspAP 2.8.0 and 2.8.7.

Authors

Ege BALCI egebalci@pm.me
Ismael0x00

Platform

Linux,Unix

Architectures

cmd, x86, x64

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/unix/http/raspap_rce
msf exploit(raspap_rce) > show targets
...targets...
msf exploit(raspap_rce) > set TARGET < target-id >
msf exploit(raspap_rce) > show options
...show and set options...
msf exploit(raspap_rce) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.