BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

Boa 0.94.13 - Information Disclosure

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE- multiple third parties report that this is a site-specific issue because those files are not par...

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVE-2026-36958

CVE-2026-36958 affects the U-SPEED N300 router (firmware V1.0.0). The embedded Boa HTTP server is vulnerable to a denial-of-service when a large number of concurrent HTTP requests target random/non-existent web-management endpoints, exhausting resources and rendering the web interface unresponsiv...

CVE-2026-36957

The affected device is the Dbit Router, firmware V1.0.0 (Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router). The vulnerability is in the Boa web server URI handler, which can be exploited by sending a high-volume flood of HTTP GET requests to non-existent URIs, causing resource exhaustion (file d...

Dbit N300 T1 Pro 资源管理错误漏洞

The Dbit N300 T1 Pro is a wireless router device produced by the Dbit company. The Dbit N300 T1 Pro V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack in the boa Web server URI handler, which could allow attackers to exhaust system...

EUVD-2026-26379

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

PT-2026-36104

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

Exploit for CVE-2026-36958

CVE-2026-36958: Denial of Service via Concurrent HTTP Requests...

Exploit for CVE-2026-36957

CVE-2026-36957: Denial of Service via HTTP Flood on Boa Web Se...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988 Tenda HG10 Boa Service formRouting formRoute buffer overflow

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988

The CVE-2026-6988 entry concerns Tenda HG10 devices (Boa Service) where the formRoute function in /boaform/formRouting is vulnerable to a buffer overflow caused by manipulating the nextHop argument. The flaw allows remote initiation of an attack, and the description notes that an exploit has been...