How the CVE Works
The vulnerability in RaspAP raspap-webgui 3.3.1 arises from insufficient input validation in the `ajax/networking/get_wgkey.php` endpoint. An authenticated attacker can exploit it by sending a crafted POST request containing a path traversal payload (e.g., `../../malicious.txt`) in the `entity` parameter. The application uses the `tee` command in shell execution without properly sanitizing this value, allowing the attacker to overwrite arbitrary files writable by the web server. This could lead to remote code execution, configuration manipulation, or service disruption.
DailyCVE Form
Platform: RaspAP raspap-webgui
Version: 3.3.1
Vulnerability: Directory Traversal
Severity: High
Date: Jun 27, 2025
Prediction: Patch by Jul 10, 2025
What Undercode Say
Analytics:
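```bash
curl -X POST http://target/ajax/networking/get_wgkey.php -d "entity=../../evil.php"
```
```python
import requests

# target_url is the get_wgkey.php endpoint URL; the page does not define it.
payload = {"entity": "../../.ssh/authorized_keys"}
requests.post(target_url, data=payload)
```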
How the Exploit Works:
- Authenticate to RaspAP.
- Send malicious POST request with traversal payload.
- Overwrite critical files via `tee` command abuse.
Protection from this CVE:
- Update to patched version.
- Sanitize user input.
- Restrict web server write permissions.
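One way to apply the "sanitize user input" advice above, as an added PHP example that is not RaspAP's code or its patch. The directory `/tmp/wg-demo`, the `wg-<entity>-private.key` file naming and the function names are assumptions, and the example swaps the shell `tee` call for `file_put_contents` so no command line is built from request data.

```php
<?php
declare(strict_types=1);

// Added example, not RaspAP code. KEY_DIR and the file-name scheme are assumptions.
const KEY_DIR = '/tmp/wg-demo';

/** Map a request-supplied entity name to a path inside $baseDir, or null if rejected. */
function entityKeyPath(string $entity, string $baseDir): ?string
{
    // Allow-list the value: "/", "..", NUL, whitespace and shell metacharacters cannot pass.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $entity) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                        // base directory is missing
    }
    $path = $base . '/wg-' . $entity . '-private.key';
    // Defence in depth: the parent of the final path must be the base directory itself.
    if (dirname($path) !== $base) {
        return null;
    }
    // Refuse to write through a symlink planted at the destination.
    return is_link($path) ? null : $path;
}

/** Write key material without a shell, so there is no `tee` command line to inject into. */
function writeKey(string $entity, string $material, string $baseDir = KEY_DIR): bool
{
    $path = entityKeyPath($entity, $baseDir);
    if ($path === null) {
        return false;
    }
    $old = umask(0077);                     // create the file owner-only
    $ok = file_put_contents($path, $material, LOCK_EX) !== false;
    umask($old);
    return $ok;
}

// Constructed sample inputs: one valid name, then values the validator must reject.
@mkdir(KEY_DIR, 0700, true);
foreach (['peer1', '../../evil.php', 'a;id', "x\0y", ''] as $candidate) {
    printf("%-18s => %s\n", json_encode($candidate),
        writeKey($candidate, "constructed-key\n") ? 'written' : 'rejected');
}
```

Only `peer1` is written; the other four values are rejected at the allow-list before any path is built.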
Impact:
- Arbitrary file overwrite.
- Potential RCE.
- System compromise.
Sources:
Reported By: github.com