Identifying vulnerable Boa web servers

8 February 2023
Lauren Palmer

The Boa web server - what is it?

The Boa web server was discontinued in 2005, but it was a popular web server embedded in IoT devices, where it is used to access configuration settings.

Why should we be concerned?

Microsoft recently conducted a survey (Vulnerable SDK components lead to supply chain risks in IoT and OT environments) and found over 1 million Boa web servers exposed on the internet. This is even more concerning given that Boa has vulnerabilities that won’t be patched, including:

The CVE Program is maintained by the MITRE corporation and sponsored by the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The CVE List is a list of publicly disclosed cyber security vulnerabilities and exposures that is free to search, use, and incorporate into products and services. - Mitre

TechCrunch highlighted in a November 2022 article that supply chains are at risk because of IoT devices running the Boa web server, which could leave Critical National Infrastructure open to attacks.

Don’t worry - use FractalScan Surface to manage your attack surface

FractalScan Surface now identifies Boa Web Servers when it scans your online attack surface and will alert you to any risks it finds.

Boa Web Server Component in FractalScan

About Lauren Palmer
Lauren is a Software Engineer with 5 years of experience in problem-solving and developing solutions for customers. Her skill set ranges from digital signal processing to web development. At Red Maple, Lauren has been focused on the development of products to protect companies from cyber threats.