CVE-2007-4915

Name of the Vulnerable Software and Affected Versions: Boa version 0.93.15

Description: The issue allows remote attackers to change the admin password stored in memory by sending a long username in an HTTP Basic Authentication request. This is due to the failure of the Intersil isl3893 extensions to prevent stack writes from entering memory locations used for string constants.

Recommendations: For Boa version 0.93.15, consider restricting access to the HTTP Basic Authentication endpoint until a fix is available. As a temporary workaround, avoid using the username variable in the affected API endpoint, such as "/api/v1/login", to minimize the risk of exploitation.