CVE-2017-9833

Published: Jun 24, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://pastebin.com/raw/rt7LJvyF

42290

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-9833

Description

Affected Products

References