CVE-2021-41302

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

Information

Published : 2021-09-30 04:15

Updated : 2022-08-12 10:48


NVD link : CVE-2021-41302

Mitre link : CVE-2021-41302


JSON object : View

CWE
CWE-312

Cleartext Storage of Sensitive Information

Advertisement

dedicated server usa

Products Affected

ecoa

  • riskterminator
  • riskbuster
  • riskbuster_firmware
  • ecs_router_controller-ecs
  • ecs_router_controller-ecs_firmware