RaspAP Security Update Advisory (CVE-2024-41637)

Overview

 

RaspAP has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-41637

  • RaspAP versions: earlier than 3.1.5 (3.1.5 itself excluded)

 

 

Resolved Vulnerabilities

 

A vulnerability that allows a low-privileged user to modify the www-dataservice file and use sudo without proper restrictions, which could allow an attacker to escalate privileges (CVE-2024-41637)
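
A defensive audit for the condition described above, as an added example that is not part of the advisory or RaspAP's own code: it flags systemd unit files that a non-root account could modify and sudoers rules that grant an account passwordless sudo. The unit directory, sudoers file and account name (for example `www-data`, the usual Debian web-server account) are assumptions passed in as parameters.

```shell
#!/bin/sh
# Added audit example. All paths and account names are caller-supplied
# assumptions; nothing here is taken from RaspAP itself.

# List unit files under DIR that an account other than OWNER could modify:
# not owned by OWNER (default root), or writable by group or by others.
risky_units() {
    dir=$1; owner=${2:-root}
    find "$dir" -type f \
        \( -name '*.service' -o -name '*.timer' -o -name '*.socket' \) \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print | sort
}

# Print rules in sudoers FILE that let USER run commands without a password.
# Skips blank lines and comments. Limitation: aliases, %group entries and
# included files are not expanded, so review those separately.
nopasswd_rules() {
    file=$1; user=$2
    awk -v u="$user" '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == u && index($0, "NOPASSWD") > 0 { print }
    ' "$file"
}

# Report both findings. Returns 1 only when both are present together,
# the combination the advisory describes; returns 0 otherwise.
audit() {
    units=$(risky_units "$1" "${4:-root}")
    rules=$(nopasswd_rules "$2" "$3")
    [ -n "$units" ] && printf 'modifiable unit files:\n%s\n' "$units"
    [ -n "$rules" ] && printf 'passwordless sudo rules for %s:\n%s\n' "$3" "$rules"
    if [ -n "$units" ] && [ -n "$rules" ]; then
        return 1
    fi
    return 0
}

# Usage (arguments: unit directory, sudoers file, account, expected owner):
#   audit /etc/systemd/system <sudoers-file> www-data root
```

A non-zero return from `audit` means both conditions hold at once and the host should be updated and its permissions reviewed.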

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-41637

  • RaspAP version: 3.1.5

 

 

Referenced Sites

 

[1] CVE-2024-41637 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41637

[2] Local Privilege Escalation In RaspAP

https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/

Article Link: RaspAP Security Update Advisory (CVE-2024-41637) – ASEC