CVE-2024-40084
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
In the Vilo 5 Mesh WiFi system version 5.16.1.33 and earlier, the Boa webserver contains a buffer overflow vulnerability. A remote, unauthenticated attacker can exploit exceptionally long HTTP methods or paths to execute arbitrary code.
Risk Assessment
An attacker can take control of the mesh device, leading to a breach of confidentiality and integrity of the WiFi network and potentially attacking other devices on the network.
Recommendation
Immediately update the firmware of the Vilo 5 Mesh WiFi system to the latest version that fixes this vulnerability. If an update is not available, restrict access to the management interface to trusted networks only.
Original NVD description (English source)
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.

