Overview
RaspAP has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-41637
- RaspAP versions: ~ 3.1.5 (excluded)
Resolved Vulnerabilities
A vulnerability that allows a low-privileged user to modify the www-dataservice file and use sudo without proper restrictions, which could allow an attacker to escalate privileges (CVE-2024-41637)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-41637
- RaspAP version: 3.1.5
Referenced Sites
[1] CVE-2024-41637 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-41637
[2] Local Privilege Escalation In RaspAP
https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/
Article Link: RaspAP Security Update Advisory (CVE-2024-41637) – ASEC