18 matches found
CVE-2021-33558
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not par...
EUVD-2018-13549
Malware in sbrugna...
EUVD-2021-18471
Malware in sbrugna...
CVE-2021-31576
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB001232...
PT-2024-30530 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa versions 0.16 through 0.19.0 Description: A wrong assumption in Boa's implementation of AsyncGenerator can cause an uncaught exception on certain scripts. This occurs because the state of an AsyncGenerator object is assumed not to change...
VulnCheck KEV: CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include...
CVE-2021-31578
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID:...
CVE-2021-31576
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB001232...
PT-2023-12152 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa affected versions not specified Description: The issue is related to a possible escalation of privilege due to a stack buffer overflow in Boa. This could lead to remote escalation of privilege from a proximal attacker with no additional...
VulnCheck KEV: CVE-2018-20057
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL...
Boa SQL injection vulnerability
Boa is an open source code for embedded applications. A SQL injection vulnerability exists in Boa version 0.94.14rc21. The vulnerability stems from the username parameter not being validated for external input. An attacker can exploit this vulnerability to obtain sensitive database...
Code injection
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa...
TOTOLINK A3002R security vulnerability
The TOTOLINK A3002R is a wireless dual-band Gigabit router from China's Gion Electronics TOTOLINK that complies with the latest IEEE802.11ac Wave 2 standard. A security vulnerability exists in the TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 version, which stems from vulnerability to...
Boa information disclosure vulnerability
Boa is an open source code for embedded applications from Boa Open Source. An information disclosure vulnerability exists in Boa version 0.94.13, which allows remote attackers to obtain sensitive information via misconfiguration...
PT-2021-7536 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa version 0.94.13 Description: The issue is related to configuration errors in files such as backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js of the Boa HTTP server. Exploitation of this issue may...
CVE-2017-9833
CVE-2017-9833 affects BOA Web Server 0.94.14rc21, enabling arbitrary file read via path traversal through the FILECAMERA parameter in /cgi-bin/wapopen. Exploitation reads files with root privileges without credentials. Affected component: BOA Web Server; root cause: improper handling of FILECAMER...
[SECURITY] New versions of Boa packages available
Package: boa Vulnerability: exposes contents of local files Debian-specific: no Vulnerable: yes In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests. This problem is fixed in version 0.94.8.3-1,...