CVE-2024-41637: RaspAP allows an attacker to escalate privileges

July 29, 2024

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.

References

blog.0xzon.dev/2024-07-27-CVE-2024-41637
github.com/RaspAP/raspap-webgui
github.com/advisories/GHSA-q623-2j2j-23jj
nvd.nist.gov/vuln/detail/CVE-2024-41637

Detect and mitigate CVE-2024-41637 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →