Vulnerability Details CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.907
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References