viloliving 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and バッファオーバーフロー があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise、アプリケーションクラッシュ, and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-40091 | Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. | [email protected] | 5.3 | 0.44% | 2024-10-21 | 2025-07-07 |
| CVE-2024-40090 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | [email protected] | 4.3 | 0.28% | 2024-10-21 | 2025-07-07 |
| CVE-2024-40089 | A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | [email protected] | 9.1 | 1.36% | 2024-10-21 | 2025-07-07 |
| CVE-2024-40088 | A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | [email protected] | 5.3 | 0.69% | 2024-10-21 | 2025-07-07 |
| CVE-2024-40087 | Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | [email protected] | 9.6 | 0.40% | 2024-10-21 | 2025-07-07 |
| CVE-2024-40084 | A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | [email protected] | 9.6 | 0.74% | 2024-10-21 | 2025-07-07 |