Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-39986

EPSS 93.06% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-39986

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
RaspAP 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
RaspAP是应用软件基于 Debian 的设备的简单无线 AP 设置和管理 RaspAP 2.8.0至2.8.7版本存在安全漏洞,该漏洞源于存在命令注入漏洞。允许攻击者通过参数cfg_id执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-39986

#POC DescriptionSource LinkShenlong Link
1CVE-2022-39986 PoChttps://github.com/WhiteOwl-Pub/RaspAP-CVE-2022-39986-PoCPOC Details
2bash script for automated discovery and exploitation of machines with the CVE-2022-39986 vulnerabilityhttps://github.com/mind2hex/RaspAP_HunterPOC Details
3CVE-2022-39986 PoChttps://github.com/tucommenceapousser/RaspAP-CVE-2022-39986-PoCPOC Details
4bash script for automated discovery and exploitation of machines with the CVE-2022-39986 vulnerabilityhttps://github.com/mind2hex/CVE-2022-39986POC Details
5A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-39986.yamlPOC Details
6bash script for automated discovery and exploitation of machines with the CVE-2022-39986 vulnerabilityhttps://github.com/mind2hex/CVE-2022-39986-RaspAP-2.8.0-2.8.7-RCEPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-39986

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-08-01 · 30 CVEs total

CVE-2023-334939.8 CRITICALPrestaShop 代码问题漏洞
CVE-2023-261397.5 HIGHunderscore-keypath 安全漏洞
CVE-2023-39147Uvdesk 代码问题漏洞
CVE-2023-36984Lavalite CMS 安全漏洞
CVE-2023-36121e107 跨站脚本漏洞
CVE-2023-38990Jeesite 安全漏洞
CVE-2023-33560PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-33561PHPJabbers Time Slots Booking Calendar 安全漏洞
CVE-2023-33562PHPJabbers Time Slots Booking Calendar 安全漏洞
CVE-2023-33563PHPJabbers Time Slots Booking Calendar 授权问题漏洞
CVE-2023-33564PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-34869PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-36118Faculty Evaulation System 跨站脚本漏洞
CVE-2023-36351Viatom Health ViHealth 安全漏洞
CVE-2023-34551EZVIZ CS Series 缓冲区错误漏洞
CVE-2023-34552EZVIZ CS Series 缓冲区错误漏洞
CVE-2023-34960Chamilo 命令注入漏洞
CVE-2023-36983Lavalite CMS 安全漏洞
CVE-2023-36210MotoCMS 注入漏洞
CVE-2023-36211Barebones CMS 跨站脚本漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-39986

No comments yet

Leave a comment