返回 CVE 浏览器

CVE-2007-4915

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0550%

EPSS Percentile37.52th

Published2007年9月17日

Last Modified2026年4月23日

Vulnerability Description

The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.

Affected Platforms (CPE)

📦

Boa

Boa Webserver

= 0.93.15

References & Advisories

🔗 http://securityreason.com/securityalert/3151

🔗 http://www.gnucitizen.org/projects/router-hacking-challenge/

🔗 http://www.ikkisoft.com/stuff/SN-2007-02.txt

🔗 http://www.securenetwork.it/ricerca/advisory/download/SN-2007-02.txt

🔗 http://www.securityfocus.com/archive/1/479434/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/489009/100/0/threaded

🔗 http://www.securityfocus.com/bid/25676

🔗 https://www.exploit-db.com/exploits/4542

相关漏洞威胁

CVE-2021-353959.8

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to con...

CVE-2016-95647.5

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long...

CVE-2007-656310.0

Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attack...

CVE-2007-633710.0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact an...