ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Information
Published : 2021-09-30 04:15
Updated : 2022-08-12 10:48
NVD link : CVE-2021-41302
Mitre link : CVE-2021-41302
JSON object : View
CWE
CWE-312
Cleartext Storage of Sensitive Information
Products Affected
ecoa
- riskterminator
- riskbuster
- riskbuster_firmware
- ecs_router_controller-ecs
- ecs_router_controller-ecs_firmware