What is CVE-2022-39987?

CVE-2022-39987 is a vulnerability in N/a. Published 2023-08-01.

Is CVE-2022-39987 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-39987

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

miguelc49/CVE-2022-39987-1
miguelc49/CVE-2022-39987-2
miguelc49/CVE-2022-39987-3
nomi-sec/PoC-in-GitHub

References

github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php
medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2

Frequently asked questions

What is CVE-2022-39987?: CVE-2022-39987 is a vulnerability in N/a. Published 2023-08-01.
Is CVE-2022-39987 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.