Insecure Sudoers Permissions in RaspAP 2.6.6 Allow Command Execution as Root

Insecure Sudoers Permissions in RaspAP 2.6.6 Allow Command Execution as Root

CVE-2021-38557 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.

Learn more about our Web App Pen Testing.