Vulnerability in RaspAP Pre-3.1.5 Allows Privilege Escalation
CVE-2024-41637


Key Information:

Vendor

RaspAP

CVE Published:
29 July 2024

Badges

👾 Exploit Exists 📰 News Worthy

What is CVE-2024-41637?

CVE-2024-41637 is a critical local privilege escalation vulnerability in RaspAP versions before 3.1.5. The web server account (www-data) can write to a specific file and run critical commands through sudo without supplying a password, so an attacker who already controls that account can escalate to root. The reporter attempted to contact the RaspAP security team; having received no response, the vulnerability was publicly disclosed on July 27, 2024. Security researcher Aaron Haymore published a proof of concept (PoC) showing how the flaw can be exploited, which highlights its severity. The absence of a vendor response underscores the importance of timely communication and prompt remediation of reported issues. Restricting what a web server account may write and what it may run through sudo, in line with least-privilege practice, is the general defence against this class of vulnerability.

News Articles

Meterian: Daily Vulnerabilities

CVE-2024-41637 ...

RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices

A critical local privilege escalation vulnerability has been discovered in RaspAP, an open-source project designed.

References

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers on Security

  • Vulnerability published

  • Vulnerability Reserved
