A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.
History

Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Vilo
Vilo 5 Mesh Wifi System
Weaknesses CWE-116
CWE-79
CPEs cpe:2.3:h:vilo:5_mesh_wifi_system:*:*:*:*:*:*:*:*
Vendors & Products Vilo
Vilo 5 Mesh Wifi System
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 21 Oct 2024 21:00:00 +0000

Type Values Removed Values Added
Description A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-21T00:00:00

Updated: 2024-10-22T13:46:38.226Z

Reserved: 2024-07-05T00:00:00

Link: CVE-2024-40088

cve-icon Vulnrichment

Updated: 2024-10-22T13:46:31.936Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-21T21:15:06.080

Modified: 2024-10-23T15:12:34.673

Link: CVE-2024-40088

cve-icon Redhat

No data.