Vulnerabilities (CVE)

Filtered by vendor Fruitywifi Project Subscribe

Filtered by product Fruitywifi

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-24848	1 Fruitywifi Project	1 Fruitywifi	2022-04-28	7.2 HIGH	7.8 HIGH
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-24849	1 Fruitywifi Project	1 Fruitywifi	2021-07-21	6.5 MEDIUM	8.8 HIGH
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.