Stack Write Vulnerability in Intersil isl3893 Extensions for Boa on FreeLan Devices
CVE-2007-4915

Currently unrated

Key Information:

Vendor: Boa
Status: Boa Webserver
Vendor: CVE Published:; 17 September 2007

What is CVE-2007-4915?

The Intersil isl3893 extensions for the Boa web server version 0.93.15 exhibit a serious vulnerability that allows remote attackers to overwrite a portion of the stack. This could lead to unauthorized alterations of the admin password held in memory. The vulnerability permits an attacker to exploit HTTP Basic Authentication by using a long username, ultimately compromising the admin account and potentially gaining further access to the affected device.

References

http://www.securenetwork.it/ricerca/advisory/download/SN-...

x_refsource_MISC

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

EPSS Score

78% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2007
Vulnerability Reserved
Sep 17, 2007