Boa Webserver Arbitrary File Access Vulnerability

Boa Webserver is a web server for Unix-like computers. A security vulnerability exists in the /cgi-bin/wapopen URI in Boa Webserver version 0.94.14rc21. An attacker can inject the URI by using the FILECAMERA variable '... /...' The vulnerability can be exploited to read files with root privileges...

Design/Logic Flaw

DISPUTED /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not...

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

CVE-2017-9833

CVE-2017-9833 affects BOA Web Server 0.94.14rc21, enabling arbitrary file read via path traversal through the FILECAMERA parameter in /cgi-bin/wapopen. Exploitation reads files with root privileges without credentials. Affected component: BOA Web Server; root cause: improper handling of FILECAMER...

PT-2017-4227 · Boa · Boa

Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue is related to the /cgi-bin/wapopen script in the Boa HTTP server, which is vulnerable to path traversal attacks using the FILECAMERA variable sent via GET requests. This could allow a remote...