CVE-2024-40088

Improper Encoding or Escaping of Output (CWE-116)

Published: Oct 21, 2024 / Updated: 29d ago

010
CVSS 5.3EPSS 0.04%Medium
CVE info copied to clipboard

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-40088

Oct 21, 2024 at 9:15 PM
First Article

Feedly found the first article mentioning CVE-2024-40088. See article

Oct 21, 2024 at 9:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 21, 2024 at 9:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 22, 2024 at 10:46 AM
CVSS

A CVSS base score of 5.3 has been assigned.

Oct 22, 2024 at 2:52 PM / nvd
Static CVE Timeline Graph

Affected Systems

Boa/boa
+null more

Attack Patterns

CAPEC-104: Cross Zone Scripting
+null more

News

CVE-2024-40088 | Vilo Mesh WiFi System up to 5.16.1.33 Boa Webserver path traversal
A vulnerability classified as critical was found in Vilo Mesh WiFi System up to 5.16.1.33 . This vulnerability affects unknown code of the component Boa Webserver . The manipulation leads to path traversal. This vulnerability was named CVE-2024-40088 . The attack can be initiated remotely. There is no exploit available.
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System &lt;= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP...
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System &lt;= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP...
CVE-2024-40088 - Vilo Boa Webserver Directory Traversal Vulnerability
CVE ID : CVE-2024-40088 Published : Oct. 21, 2024, 9:15 p.m. 18 minutes ago Description : A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <=5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI