CVE-2024-28754

Severity: 7.5 (HIGH)

📋 TL;DR

CVE-2024-28754 is a vulnerability in RaspAP (raspap-webgui) that allows remote attackers to send crafted requests causing a persistent denial of service, effectively bricking the device. It affects every system whose RaspAP web interface is reachable over the network. The vulnerability requires no authentication and can be triggered remotely.

💻 Affected Systems

Products:
  • RaspAP (raspap-webgui)
Versions: through 3.0.9
Operating Systems: Raspberry Pi OS, Debian-based Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where RaspAP web interface is enabled and accessible over network.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device bricking requiring physical reflashing or hardware replacement, with permanent loss of functionality and data.

🟠

Likely Case

Persistent service disruption requiring manual intervention to restore functionality, potentially requiring OS reinstallation.

🟢

If Mitigated

No impact if device is not exposed to untrusted networks or if proper network segmentation is implemented.

🌐 Internet-Facing: HIGH - Remote unauthenticated attackers can trigger persistent DoS from anywhere on the internet.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending a crafted request to the web interface, which is trivial for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.0 or later

Vendor Advisory: https://github.com/RaspAP/raspap-webgui/releases

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update RaspAP using: sudo apt update && sudo apt upgrade raspap-webgui
3. If using a manual installation, download the latest release from GitHub.
4. Restart the web service: sudo systemctl restart raspap-webgui

🔧 Temporary Workarounds

Network Access Restriction

Shell commands (Linux):

Restrict network access to the RaspAP web interface using firewall rules. ufw evaluates rules in order and the first match wins, so the allow rule for the trusted LAN (192.168.1.0/24 here is an example range; substitute your own) must come before the deny rules, and a multi-port rule needs an explicit protocol:

sudo ufw allow from 192.168.1.0/24 to any port 80,443 proto tcp
sudo ufw deny 80/tcp
sudo ufw deny 443/tcp

Disable Web Interface

Shell commands (Linux):

Temporarily disable the RaspAP web service until patching

sudo systemctl stop raspap-webgui
sudo systemctl disable raspap-webgui

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RaspAP devices from untrusted networks
  • Deploy web application firewall (WAF) rules to block suspicious requests to the RaspAP interface

🔍 How to Verify

Check if Vulnerable:

Check the RaspAP version with dpkg -l | grep raspap-webgui, or read the version number from the web interface footer (RaspAP installed by its installer script rather than as a package will not appear in dpkg).

Check Version:

dpkg -l | grep raspap-webgui || echo 'Not installed via package manager'

Verify Fix Applied:

Confirm the version is 3.1.0 or higher. A substring match such as grep '3.1' is not a version comparison (it misses 3.2.0 and accepts any string containing "3.1"), so let dpkg compare the package version properly:

dpkg --compare-versions "$(dpkg-query -W -f='${Version}' raspap-webgui)" ge 3.1.0 && echo 'fix applied' || echo 'vulnerable or not installed via package manager'
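The verification step above is fragile when RaspAP was installed by its installer script and dpkg knows nothing about it. The following added example (not part of this advisory or of RaspAP) compares a version string against the 3.1.0 fix component by component in plain POSIX sh, so it works on the version read from the web interface footer as well as on the dpkg version; the file name check_raspap.sh and the "auto" mode are this example's own conventions.

```shell
#!/bin/sh
# Added example, not part of the advisory or of RaspAP itself: decide whether an
# installed RaspAP version is at or above the 3.1.0 fix by comparing numeric
# components. A substring grep for "3.1" misses 3.2.0 and is unreliable for 3.10.x.
FIXED_VERSION="3.1.0"

# version_ge A B: succeed when A >= B. A leading "v" and any suffix after the
# numeric part ("-1", "~rc1", "+deb") are stripped first; assumption: pre-release
# tags are therefore treated as equal to the release they precede.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/^v//; s/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/^v//; s/[^0-9.].*//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa=${a%%.*}; pb=${b%%.*}                     # current component of each side
        [ "${pa:-0}" -gt "${pb:-0}" ] && return 0
        [ "${pa:-0}" -lt "${pb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop the consumed component
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0                                         # every component equal
}

# raspap_status VERSION: print a verdict; exit 0 when fixed, 1 when vulnerable.
raspap_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed: $1 >= $FIXED_VERSION"
        return 0
    fi
    echo "vulnerable: $1 < $FIXED_VERSION (CVE-2024-28754), upgrade to $FIXED_VERSION or later"
    return 1
}

# main_check VERSION|auto: "auto" asks dpkg for the package version; when RaspAP
# was installed by its script, pass the version from the web interface footer.
main_check() {
    ver=$1
    if [ "$ver" = auto ]; then
        ver=$(dpkg-query -W -f='${Version}' raspap-webgui 2>/dev/null) || ver=
    fi
    if [ -z "$ver" ]; then
        echo "raspap-webgui version unknown; run: $0 <version from web interface footer>" >&2
        return 2
    fi
    raspap_status "$ver"
}

# Usage: sh check_raspap.sh 3.0.9   or   sh check_raspap.sh auto
case ${1:-} in ?*) main_check "$1" ;; esac
```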

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to RaspAP endpoints
  • Service restart failures in system logs
  • Web server error logs showing malformed requests

Network Indicators:

  • Multiple crafted HTTP requests to RaspAP web interface from single source
  • Unusual traffic patterns to port 80/443 on RaspAP devices

SIEM Query:

(source="raspap.log" AND (http_request contains "malformed" OR http_status=500)) OR (source="auth.log" AND process="raspap-webgui" AND event="failure")
