CVE-2024-40085

A Buffer Overflow vulnerability in the localappsetrouterwan function of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoeusername and pppoepassword fields being larger than 128 bytes in length...

CVE-2024-40091

Vilo 5 Mesh WiFi System = 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system...

CVE-2024-40087

Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router...

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

CVE-2024-40084

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...

CVE-2024-40083

A Buffer Overflow vulnerabilty in the localappsetroutertoken function of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer...

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

Vilo Mesh WiFi System 访问控制错误漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from a lack of authentication and allows a remote, unauthenticated attacker to retrieve logs using a sensitive system...

Vilo Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a buffer overflow vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code by reading a...

CVE-2024-40090

Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page...

Vilo 5 Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a buffer overflow vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code via an...

PT-2024-28777 · Vilo · Vilo 5 Mesh Wifi System

Name of the Vulnerable Software and Affected Versions: Vilo 5 Mesh WiFi System versions up to 5.16.1.33 Description: A Command Injection issue allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. This enables attackers to r...

Vilo Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a directory traversal vulnerability that could allow a remote, unauthenticated attacker to enumerate the existence and...

Vilo Mesh WiFi System 访问控制错误漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from a lack of authentication of a custom TCP service, which makes it vulnerable to attacks with insecure privileges and allows a remote,...

PT-2024-28774 · Unknown · Vilo 5 Mesh Wifi System

Name of the Vulnerable Software and Affected Versions: Vilo 5 Mesh WiFi System versions prior to 5.16.1.34 Description: A Buffer Overflow issue in the local app set router wifi SSID PWD function allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64...

Vilo Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of an information disclosure that could allow a remote, unauthenticated attacker to disclose the memory address of uClibc and...

Vilo Mesh WiFi System 命令注入漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a command injection vulnerability that allows a remote, authenticated attacker to execute arbitrary code by injecting shel...

CVE-2024-40087

CVE-2024-40087 affects Vilo 5 Mesh WiFi System up to version 5.16.1.33. The vulnerability is due to No Authentication in a custom TCP service on port 5432, leading to Insecure Permissions. The root cause is a lack of authentication for that service, allowing remote, unauthenticated attackers to g...