CVE-2024-40088

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.
Configurations

No configuration.

History

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de recorrido de directorio en el servidor web Boa del sistema WiFi Mesh Vilo 5 &lt;= 5.16.1.33 permite a atacantes remotos no autenticados enumerar la existencia y la longitud de cualquier archivo en el sistema de archivos colocando cargas Ăștiles maliciosas en la ruta de cualquier solicitud HTTP.

22 Oct 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-116
CWE-79

21 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 21:15

Updated : 2024-10-23 15:12


NVD link : CVE-2024-40088

Mitre link : CVE-2024-40088

CVE.ORG link : CVE-2024-40088


JSON object : View

Products Affected

No product.

CWE
CWE-116

Improper Encoding or Escaping of Output

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')