CVE Catalog

CVE-2024-40084

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.60%

44th percentile - higher than 44% of all known CVEs

Summary

In the Vilo 5 Mesh WiFi system version 5.16.1.33 and earlier, the Boa webserver contains a buffer overflow vulnerability. A remote, unauthenticated attacker can exploit exceptionally long HTTP methods or paths to execute arbitrary code.

Risk Assessment

An attacker can take control of the mesh device, leading to a breach of confidentiality and integrity of the WiFi network and potentially attacking other devices on the network.

Recommendation

Immediately update the firmware of the Vilo 5 Mesh WiFi system to the latest version that fixes this vulnerability. If an update is not available, restrict access to the management interface to trusted networks only.

Original NVD description (English source)

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS