PT-2024-28776 · Unknown · Boa Web Server+1

Published

2024-10-21

Updated

2024-10-23

CVE-2024-40088

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Vilo 5 Mesh WiFi System versions up to 5.16.1.33

Description A Directory Traversal vulnerability is present in the Boa webserver used by Vilo 5 Mesh WiFi System. This vulnerability allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

Recommendations For versions up to 5.16.1.33, update to a version later than 5.16.1.33 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Exploit

Fix

Improper Encoding or Escaping of Output

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-79

Related Identifiers

CVE-2024-40088

Affected Products

Boa Web Server

Vilo 5 Mesh Wifi System

PT-2024-28776 · Unknown · Boa Web Server+1

CVE-2024-40088

Weakness Enumeration

Related Identifiers

Affected Products

References · 7