Cyber Resilience

CVE-2024-28754

HighPublic PoC

Published: 09 March 2024

Published
09 March 2024
Modified
01 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0036 58.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-28754 is a high-severity an unspecified weakness vulnerability in Raspap Raspap. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique /etc/passwd and /etc/shadow (T1003.008); ranked in the top 41.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1003.008 /etc/passwd and /etc/shadow Credential Access
Adversaries may attempt to dump the contents of <code>/etc/passwd</code> and <code>/etc/shadow</code> to enable offline password cracking.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1552.004 Private Keys Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

RaspAP (CVE-2024-28754 and related vulns) enables unauthenticated remote arbitrary file reads for OS credential dumping (/etc/passwd) and unsecured credentials (WiFi passwords, WireGuard keys), exploitation of default accounts for backdooring/MitM, and persistent endpoint DoS via system bricking.

Affected Assets

raspap
raspap
≤ 3.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References