CVE-2024-28753 Information

Description

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.

Reference

https://dustri.org/b/carrot-disclosure.html