CVE Vulnerability

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/xtr4nge/FruityWifi/issues/278 Exploit Issue Tracking
https://gist.github.com/harsh-bothra/5be73cfd53f1c5bea307c702ae83ff42 Broken Link
Configurations

Configuration 1

cpe:2.3:a:fruitywifi_project:fruitywifi:*:*:*:*:*:*:*:*
Information

Published : 2020-10-23 07:15

Updated : 2022-04-28 06:24

NVD link : CVE-2020-24848

Mitre link : CVE-2020-24848

Products Affected
No products.
CWE
CWE-269

CWE-287