FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-40091

Missing Authentication for Critical Function (CWE-306)

Published: Oct 21, 2024 / Updated: 29d ago

010
CVSS 5.3EPSS 0.04%Medium
CVE info copied to clipboard

Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-40091

Oct 21, 2024 at 9:15 PM
First Article

Feedly found the first article mentioning CVE-2024-40091. See article

Oct 21, 2024 at 9:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 21, 2024 at 9:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 22, 2024 at 10:46 AM
CVSS

A CVSS base score of 5.3 has been assigned.

Oct 22, 2024 at 5:40 PM / nvd
Static CVE Timeline Graph

Affected Systems

Boa/boa
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

CVE-2024-40091 | Vilo Mesh WiFi System up to 5.16.1.33 Boa Webserver information disclosure
VulDB Recent Entries / 28d
A vulnerability classified as problematic has been found in Vilo Mesh WiFi System up to 5.16.1.33 . Affected is an unknown function of the component Boa Webserver . The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-40091 . It is possible to launch the attack remotely. There is no exploit available.
CVE-2024-40091
Vulners.com RSS Feed / 29d
Vilo 5 Mesh WiFi System &lt;= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive...
CVE-2024-40091
Vulners.com RSS Feed / 29d
Vilo 5 Mesh WiFi System &lt;= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive...
CVE-2024-40091 - Vilo 5 Mesh WiFi System Web Server Authentication Bypass Vulnerability
Latest Vulnerabilities / 29d
CVE ID : CVE-2024-40091 Published : Oct. 21, 2024, 9:15 p.m. 18 minutes ago Description : Vilo 5 Mesh WiFi System Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40091
National Vulnerability Database / 29d
Vilo 5 Mesh WiFi System <=5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.

CVSS V3.1

Attack Vector:Adjacent_network
Attack Complexity:High
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 5.3(34617)CWE-306(1267)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial