CVE-2024-40088 — MEDIUM (5.3)

Q: How severe is CVE-2024-40088?

CVE-2024-40088 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-40088?

Check the references section above for vendor advisories and patch information. Affected products include: Viloliving Vilo 5 Firmware, Viloliving Vilo 5.

Vulnerability Description

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Viloliving	Vilo 5 Firmware	<= 5.16.1.33
Viloliving	Vilo 5	-

Related Weaknesses (CWE)

CWE-116 CWE-79

References

http://vilo.comNot Applicable
https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-4008Third Party Advisory

FAQ

What is CVE-2024-40088?

CVE-2024-40088 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the files...

How severe is CVE-2024-40088?

CVE-2024-40088 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-40088?

Check the references section above for vendor advisories and patch information. Affected products include: Viloliving Vilo 5 Firmware, Viloliving Vilo 5.