Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
boa boa vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33820
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.
802
VMScore
CVE-2018-20057
An issue exists in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
D-link Dir-619l Firmware 2.06b1
D-link Dir-605l Firmware 2.12b1
436
VMScore
CVE-2020-27690
The Relish (Verve Connect) VH510 device with firmware prior to 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
Imomobile Verve Connect Vh510 Firmware
NA
CVE-2022-32665
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
Mediatek Linkit Software Development Kit
668
VMScore
CVE-2018-20056
An issue exists in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote malicious users to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
D-link Dir-619l Firmware 2.06b1
D-link Dir-605l Firmware 2.12b1
NA
CVE-2021-31576
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issu...
Mediatek En7580 Firmware
Mediatek En7528 Firmware
NA
CVE-2021-31577
In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; ...
Mediatek En7580 Firmware
Mediatek En7528 Firmware
NA
CVE-2021-31578
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Iss...
Mediatek En7580 Firmware
Mediatek En7528 Firmware
NA
CVE-2023-7208
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: T...
Totolink X2000r Firmware 2.0.0-b20230727.10434
505
VMScore
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal e...
Yaws Yaws 1.85
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »