CVE-2017-9833

EPSS 67.7%

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/anldori/CVE-2017-9833★ 1 cve_referencewww.exploit-db.com/exploits/42290/unverified exploitdbwww.exploit-db.com/exploits/42290unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://pastebin.com/raw/rt7LJvyF https://www.exploit-db.com/exploits/42290/