CVE-2021-33558

HIGH · EXPLOITED IN THE WILD · RANSOMWARE · NUCLEI

Boa 0.94.13 - Information Disclosure via Misconfigured Backup Files

Title source: llm

Exploitation Summary

CVE-2021-33558 has been observed exploited in the wild (reported by VulnCheck KEV and InTheWild.io), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including mdanzaruddin and anldori. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a proof-of-concept for CVE-2021-33558, an information disclosure vulnerability in Boa/0.94.13. The exploit demonstrates access to sensitive files via direct URL requests.

Description

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.

Exploits (2)

nomisec WORKING POC 3 stars
by mdanzaruddin · infoleak
https://github.com/mdanzaruddin/CVE-2021-33558.

This repository provides a proof-of-concept for CVE-2021-33558, an information disclosure vulnerability in Boa/0.94.13. The exploit demonstrates access to sensitive files via direct URL requests.

Classification: Working Poc 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Boa/0.94.13
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS 1 star
by anldori · infoleak
https://github.com/anldori/CVE-2021-33558

The repository lacks functional exploit code and instead provides a list of URLs and images without technical details. It appears to be a placeholder or lure rather than a legitimate PoC.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Boa Web Server 0.94.13
No auth needed
Prerequisites: access to the target web server
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Boa 0.94.13 - Information Disclosure
HIGH · by DhiyaneshDK
Shodan: Server: Boa/0.94.13
FOFA: Server: Boa/0.94.13

References (3)

Core References
Exploit, Third Party Advisory
https://github.com/mdanzaruddin/CVE-2021-33558.
Issue Tracking, Third Party Advisory
https://github.com/mdanzaruddin/CVE-2021-33558./issues/1
Release Notes, Third Party Advisory
https://sourceforge.net/projects/boa/files/boa/0.94.13/

Scores

CVSS v3: 7.5
EPSS: 0.1033
EPSS Percentile: 95.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

VulnCheck KEV: 2023-02-14
InTheWild.io: 2023-02-15
Ransomware Use: Confirmed
Status: published
Products (1): boa/boa 0.94.13
Published: May 27, 2021
Tracked Since: Feb 18, 2026