Raspap-webgui
Vulnerabilities: 4
Known exploited: 0
Max CVSS: 9.8
Top EPSS: 0.02705
Severity breakdown
Critical: 2
High: 1
Medium: 1
Low: 0
Affected version ranges
< 3.3.6, ≤ 3.0.9, ≤ 3.3.2
Also matched as (raw): raspap-webgui
Top vulnerabilities
CVE-2025-50428: In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitization of user input passed via the interface parameter.
CVE-2024-36622: In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
CVE-2026-24788: RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
CVE-2025-44163: RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.