FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24848
Reference (s):
- https://gist.github.com/harsh-bothra/5be73cfd53f1c5bea307c702ae83ff42
- https://github.com/xtr4nge/FruityWifi/issues/278