6 matches found
VulnCheck KEV: CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include...
The vulnerability in the implementation of the /cgi-bin/wapopen HTTP-server Boa allows a hacker to gain unauthorized access to protected information.
The vulnerability in the /cgi-bin/wapopen HTTP-server implementation of Boa is related to incorrect restrictions on the path to the restricted directory during processing of the FILECAMERA variable. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected...
Boa Webserver Arbitrary File Access Vulnerability
Boa Webserver is a web server for Unix-like computers. A security vulnerability exists in the /cgi-bin/wapopen URI in Boa Webserver version 0.94.14rc21. An attacker can inject the URI by using the FILECAMERA variable '... /...' The vulnerability can be exploited to read files with root privileges...
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...
PT-2017-4227 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue is related to the /cgi-bin/wapopen script in the Boa HTTP server, which is vulnerable to path traversal attacks using the FILECAMERA variable sent via GET requests. This could allow a remote...