Skip to main content

Vilo 5 Firmware

6 CVEs product

Monthly

CVE-2024-40091 MEDIUM This Month

Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40090 MEDIUM This Month

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vilo 5 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-40089 CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-40088 MEDIUM This Month

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Path Traversal Vilo 5 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-40087 CRITICAL Act Now

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-40084 CRITICAL Act Now

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vilo 5 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Path Traversal Vilo 5 Firmware
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL Act Now

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vilo 5 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy