Raspap: >> Raspap-Webgui >> 3.3.1 Security Vulnerabilities
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.
CVSS Score
9.8
EPSS Score
0.016
Published
2025-08-27
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-06-27