The vulnerability in the implementation of the /cgi-bin/wapopen HTTP-server Boa allows a hacker to gain unauthorized access to protected information.

The vulnerability in the /cgi-bin/wapopen HTTP-server implementation of Boa is related to incorrect restrictions on the path to the restricted directory during processing of the FILECAMERA variable. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected...

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

CVE-2017-9833

CVE-2017-9833 affects BOA Web Server 0.94.14rc21, enabling arbitrary file read via path traversal through the FILECAMERA parameter in /cgi-bin/wapopen. Exploitation reads files with root privileges without credentials. Affected component: BOA Web Server; root cause: improper handling of FILECAMER...

PT-2017-4227 · Boa · Boa

Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue is related to the /cgi-bin/wapopen script in the Boa HTTP server, which is vulnerable to path traversal attacks using the FILECAMERA variable sent via GET requests. This could allow a remote...