CVE-2021-41291

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

Information

Published : 2021-09-30 04:15

Updated : 2021-10-07 11:13


NVD link : CVE-2021-41291

Mitre link : CVE-2021-41291


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

ecoa

  • riskterminator
  • riskbuster
  • riskbuster_firmware
  • ecs_router_controller-ecs
  • ecs_router_controller-ecs_firmware