-/10CrowdSec Score

RaspAP - RCE (CVE-2022-39986)

Published on01-08-2023

First seen on01-01-1970

Public ExploitCVSS 9.8/10RaspAP - RaspAP

0Exploiting IPs reported

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

・

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.

RaspAP - RCE (CVE-2022-39986)

Exploitation

Detected IPs

Protection

Blocklist

References