PT-2017-4227 · Boa · Boa

Miguel Mendez Z · Published 2017-06-20 · Updated 2024-08-05 · CVE-2017-9833

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Boa version 0.94.14rc21

Description

The issue is related to the /cgi-bin/wapopen script in the Boa HTTP server, which is vulnerable to path traversal attacks using the FILECAMERA variable sent via GET requests. This could allow a remote attacker to gain unauthorized access to protected information by sending specially crafted requests. It is noted that this might be a system-integrator issue rather than a vulnerability in Boa itself, as Boa does not include any wapopen program or code to read the FILECAMERA variable.

Recommendations

For Boa version 0.94.14rc21, consider disabling the /cgi-bin/wapopen script until a patch is available, or restrict access to this script to minimize the risk of exploitation. Additionally, avoid using the FILECAMERA variable in the affected API endpoint until the issue is resolved.
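
While the script is still reachable, access logs can be reviewed for requests that match the description above. The following detection sketch is an added example, not part of the advisory or of Boa; it assumes Common Log Format access-log lines, and the sample lines, addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

SCRIPT = "/cgi-bin/wapopen"  # script named in the advisory
PARAM = "FILECAMERA"         # variable named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) [^"]*"')  # request line of a CLF entry

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(raw):
    """Return why a FILECAMERA value looks like traversal, or None."""
    value = fully_decode(raw).replace("\\", "/")
    if "\x00" in value:
        return "NUL byte"
    if value.startswith("/"):
        return "absolute path"
    if ".." in value.split("/"):
        return "dot-dot segment"
    return None

def scan(lines):
    """Yield (line_no, client, reason) for suspicious wapopen requests."""
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if fully_decode(url.path) != SCRIPT:
            continue
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            reason = traversal_reason(raw) if fully_decode(name) == PARAM else None
            if reason:
                yield line_no, line.split(" ", 1)[0], reason

# Constructed sample log lines: documentation addresses, placeholder file names.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/wapopen?FILECAMERA=cam01 HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/wapopen?FILECAMERA=../../placeholder.txt HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /cgi-bin/wapopen?FILECAMERA=%252e%252e%252fplaceholder.txt HTTP/1.0" 200 1024',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/wapopen?FILECAMERA=cam01%00 HTTP/1.0" 200 512',
]
```

Calling `list(scan(SAMPLE))` flags the second, third and fourth lines; a flagged request with a 200 status is the one to follow up on first.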

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-07373
CVE-2017-9833

Affected Products

Boa