CVSS: 10.0EPSS: 77%CPEs: 1EXPL: 2CVE-2007-4915 – Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. Las extensiones Intersil isl3893 para Boa 0.93.15, utilizadas sobre FreeLan RO80211G-AP y otros dispositivos, no previenen la escritura en pila desde la entrada a localizaciones de memoria utilizadas para constantes de cadenas, las cuales permiten a atacantes remotos cambiar la contraseña de admin almacenada en memoria a través de un nombre de usuario largo en una respuesta HTTP Basic Authentication. The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows basic authentication bypass when the user string is greater than 127 bytes long. The long string causes the password to be overwritten in memory, which enables the attacker to reset the password. In addition, the malicious attempt also may cause a denial-of-service condition. • https://www.exploit-db.com/exploits/30584 https://www.exploit-db.com/exploits/4542 http://securityreason.com/securityalert/3151 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.ikkisoft.com/stuff/SN-2007-02.txt http://www.securenetwork.it/ricerca/advisory/download/SN-2007-02.txt http://www.securityfocus.com/archive/1/479434/100/0/threaded http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/25676 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2000-0920 – BOA Web Server 0.94.8.2 - Arbitrary File Access
https://notcve.org/view.php?id=CVE-2000-0920
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." • https://www.exploit-db.com/exploits/36689 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html http://www.debian.org/security/2000/20001009 http://www.securityfocus.com/bid/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/5330 •