exploitDog

CVE-2024-40088

Опубликовано: 21 окт. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

Ссылки

http://vilo.com
Not Applicable
https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40088.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:viloliving:vilo_5_firmware:*:*:*:*:*:*:*:*

Версия до 5.16.1.33 (включая)

cpe:2.3:h:viloliving:vilo_5:-:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00722

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-633w-6x85-3m7x

CVSS3: 5.3

github

больше 1 года назад

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

EPSS

Процентиль: 72%

0.00722

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-79