byu-cybersecurity-research

2 exploits Active since Oct 2024

CVE-2024-40088 WRITEUP MEDIUM WRITEUP

Vilo 5 Mesh WiFi System <= 5.16.1.33 - Path Traversal

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.

CVSS 5.3

View Code

CVE-2024-40089 WRITEUP CRITICAL WRITEUP

Vilo 5 Mesh WiFi System <= 5.16.1.33 - Command Injection

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.

CVSS 9.1

View Code