3 matches found
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request...
CVE-2024-40089
A Command Injection vulnerability in Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...
PT-2024-28779 · Unknown · Boa Web Server +1
Name of the Vulnerable Software and Affected Versions: Vilo 5 Mesh WiFi System versions 5.16.1.33 and earlier Description: The issue concerns a lack of authentication in the Boa webserver, allowing remote, unauthenticated attackers to retrieve logs containing sensitive system information...