{"url":"http://public2.vulnerablecode.io/api/packages/381811?format=json","purl":"pkg:composer/billz/raspap-webgui@2.8.9","type":"composer","namespace":"billz","name":"raspap-webgui","version":"2.8.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.6","latest_non_vulnerable_version":"3.3.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94568?format=json","vulnerability_id":"VCID-3zn2-89sq-f7g2","summary":"RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44163","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35193","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44163"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/commit/eb53c46c336384d78336b021adea94d9257e1d67","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/commit/eb53c46c336384d78336b021adea94d9257e1d67"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-44163","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-44163"},{"reference_url":"https://gist.github.com/YichaoXu/3694f039a3d1b973efd068e4dc662a41","reference_id":"3694f039a3d1b973efd068e4dc662a41","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T20:00:04Z/"}],"url":"https://gist.github.com/YichaoXu/3694f039a3d1b973efd068e4dc662a41"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/blob/125ae7a39ad7c9a71250d3b3e349fd767687ff8d/ajax/networking/get_wgkey.php#L9","reference_id":"get_wgkey.php#L9","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T20:00:04Z/"}],"url":"https://github.com/RaspAP/raspap-webgui/blob/125ae7a39ad7c9a71250d3b3e349fd767687ff8d/ajax/networking/get_wgkey.php#L9"},{"reference_url":"https://github.com/advisories/GHSA-277f-37gw-9gmq","reference_id":"GHSA-277f-37gw-9gmq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-277f-37gw-9gmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38474?format=json","purl":"pkg:composer/billz/raspap-webgui@3.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@3.3.6"}],"aliases":["CVE-2025-44163","GHSA-277f-37gw-9gmq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zn2-89sq-f7g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39648?format=json","vulnerability_id":"VCID-6q19-emf4-tfgc","summary":"RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28754","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28754"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/commit/d0592b63de9a5da587ab3a51e03e7e566c7f3602","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/commit/d0592b63de9a5da587ab3a51e03e7e566c7f3602"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/pull/1546","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/pull/1546"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/pull/1548","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/pull/1548"},{"reference_url":"https://dustri.org/b/carrot-disclosure.html","reference_id":"carrot-disclosure.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-01T19:08:56Z/"}],"url":"https://dustri.org/b/carrot-disclosure.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28754","reference_id":"CVE-2024-28754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28754"},{"reference_url":"https://github.com/advisories/GHSA-vc9f-mgxr-h32r","reference_id":"GHSA-vc9f-mgxr-h32r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vc9f-mgxr-h32r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29607?format=json","purl":"pkg:composer/billz/raspap-webgui@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zn2-89sq-f7g2"},{"vulnerability":"VCID-uzah-ckp4-c3g2"},{"vulnerability":"VCID-yrbm-jm17-a3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@3.1.0"}],"aliases":["CVE-2024-28754","GHSA-vc9f-mgxr-h32r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q19-emf4-tfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63111?format=json","vulnerability_id":"VCID-ss1t-9qjj-ubb2","summary":"A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2497","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27301","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2497"},{"reference_url":"https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4","reference_id":"Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:P/I:P/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T17:43:42Z/"}],"url":"https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4"},{"reference_url":"https://vuldb.com/?ctiid.256919","reference_id":"?ctiid.256919","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:P/I:P/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T17:43:42Z/"}],"url":"https://vuldb.com/?ctiid.256919"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2497","reference_id":"CVE-2024-2497","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2497"},{"reference_url":"https://github.com/advisories/GHSA-99wg-vmvq-2cp5","reference_id":"GHSA-99wg-vmvq-2cp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99wg-vmvq-2cp5"},{"reference_url":"https://vuldb.com/?id.256919","reference_id":"?id.256919","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:P/I:P/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T17:43:42Z/"}],"url":"https://vuldb.com/?id.256919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29607?format=json","purl":"pkg:composer/billz/raspap-webgui@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zn2-89sq-f7g2"},{"vulnerability":"VCID-uzah-ckp4-c3g2"},{"vulnerability":"VCID-yrbm-jm17-a3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@3.1.0"}],"aliases":["CVE-2024-2497","GHSA-99wg-vmvq-2cp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss1t-9qjj-ubb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57506?format=json","vulnerability_id":"VCID-uzah-ckp4-c3g2","summary":"RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41637","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49837","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41637"},{"reference_url":"https://blog.0xzon.dev/2024-07-27-CVE-2024-41637","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.0xzon.dev/2024-07-27-CVE-2024-41637"},{"reference_url":"https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/","reference_id":"2024-07-27-CVE-2024-41637","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-29T17:34:42Z/"}],"url":"https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41637","reference_id":"CVE-2024-41637","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41637"},{"reference_url":"https://github.com/advisories/GHSA-q623-2j2j-23jj","reference_id":"GHSA-q623-2j2j-23jj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q623-2j2j-23jj"},{"reference_url":"https://github.com/RaspAP/raspap-webgui","reference_id":"raspap-webgui","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-29T17:34:42Z/"}],"url":"https://github.com/RaspAP/raspap-webgui"}],"fixed_packages":[],"aliases":["CVE-2024-41637","GHSA-q623-2j2j-23jj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzah-ckp4-c3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168346?format=json","vulnerability_id":"VCID-x9ng-h5nf-tqgd","summary":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the \"entity\" POST parameters in /ajax/networking/get_wgkey.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39987","reference_id":"","reference_type":"","scores":[{"value":"0.7647","scoring_system":"epss","scoring_elements":"0.98961","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39987"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/commit/e87e7d1d3a61617430851f2a040379de1ff3dd9d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/commit/e87e7d1d3a61617430851f2a040379de1ff3dd9d"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/pull/1395","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/pull/1395"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/releases/tag/2.9.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/releases/tag/2.9.5"},{"reference_url":"https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39987","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39987"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php","reference_id":"get_wgkey.php","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T13:51:39Z/"}],"url":"https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php"},{"reference_url":"https://github.com/advisories/GHSA-7r88-wjhj-jr8m","reference_id":"GHSA-7r88-wjhj-jr8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7r88-wjhj-jr8m"},{"reference_url":"https://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2","reference_id":"multiple-vulnerabilities-in-raspap-3c35e78809f2","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-21T13:51:39Z/"}],"url":"https://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380591?format=json","purl":"pkg:composer/billz/raspap-webgui@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zn2-89sq-f7g2"},{"vulnerability":"VCID-6q19-emf4-tfgc"},{"vulnerability":"VCID-ss1t-9qjj-ubb2"},{"vulnerability":"VCID-uzah-ckp4-c3g2"},{"vulnerability":"VCID-yrbm-jm17-a3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@2.9.5"}],"aliases":["CVE-2022-39987","GHSA-7r88-wjhj-jr8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ng-h5nf-tqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83240?format=json","vulnerability_id":"VCID-yrbm-jm17-a3dp","summary":"RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24788","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.27997","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24788"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/commit/f514f5a12ef0c34853b5370ef55d630b499f977d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/commit/f514f5a12ef0c34853b5370ef55d630b499f977d"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/releases/tag/3.3.6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/releases/tag/3.3.6"},{"reference_url":"https://jvn.jp/en/jp/JVN27202136","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN27202136"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24788","reference_id":"CVE-2026-24788","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24788"},{"reference_url":"https://github.com/advisories/GHSA-4wwf-f7w3-94f5","reference_id":"GHSA-4wwf-f7w3-94f5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wwf-f7w3-94f5"},{"reference_url":"https://jvn.jp/en/jp/JVN27202136/","reference_id":"JVN27202136","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:17Z/"}],"url":"https://jvn.jp/en/jp/JVN27202136/"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/releases","reference_id":"releases","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:17Z/"}],"url":"https://github.com/RaspAP/raspap-webgui/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38474?format=json","purl":"pkg:composer/billz/raspap-webgui@3.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@3.3.6"}],"aliases":["CVE-2026-24788","GHSA-4wwf-f7w3-94f5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrbm-jm17-a3dp"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129601?format=json","vulnerability_id":"VCID-yyn4-rrkp-7qfm","summary":"Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30260","reference_id":"","reference_type":"","scores":[{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85822","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30260"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/commit/238e1670fcef8b18ec4628ee74fc345607536a16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/RaspAP/raspap-webgui/commit/238e1670fcef8b18ec4628ee74fc345607536a16"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30260","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30260"},{"reference_url":"https://github.com/RaspAP/raspap-webgui/pull/1322","reference_id":"1322","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-05T17:00:26Z/"}],"url":"https://github.com/RaspAP/raspap-webgui/pull/1322"},{"reference_url":"https://eldstal.se/advisories/230328-raspap.html","reference_id":"230328-raspap.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-05T17:00:26Z/"}],"url":"https://eldstal.se/advisories/230328-raspap.html"},{"reference_url":"https://github.com/advisories/GHSA-hhqm-f4m4-pq39","reference_id":"GHSA-hhqm-f4m4-pq39","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hhqm-f4m4-pq39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381811?format=json","purl":"pkg:composer/billz/raspap-webgui@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zn2-89sq-f7g2"},{"vulnerability":"VCID-6q19-emf4-tfgc"},{"vulnerability":"VCID-ss1t-9qjj-ubb2"},{"vulnerability":"VCID-uzah-ckp4-c3g2"},{"vulnerability":"VCID-x9ng-h5nf-tqgd"},{"vulnerability":"VCID-yrbm-jm17-a3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@2.8.9"}],"aliases":["CVE-2023-30260","GHSA-hhqm-f4m4-pq39"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyn4-rrkp-7qfm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/billz/raspap-webgui@2.8.9"}