From 16dd5c6e8e620dbebeb34a90c3455d2722ddf107 Mon Sep 17 00:00:00 2001
From: Noam Rathaus <noamr@beyondsecurity.com>
Date: Thu, 14 Oct 2021 16:30:44 +0300
Subject: [PATCH] More reference

---
 vulnerabilities/other/ecoa-building-automation-lfd.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/vulnerabilities/other/ecoa-building-automation-lfd.yaml b/vulnerabilities/other/ecoa-building-automation-lfd.yaml
index 4035606811..0bb7b93633 100644
--- a/vulnerabilities/other/ecoa-building-automation-lfd.yaml
+++ b/vulnerabilities/other/ecoa-building-automation-lfd.yaml
@@ -4,7 +4,9 @@ info:
   author: 0x_Akoko
   severity: high
   description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
-  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
+  reference:
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
+    - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
   tags: ecoa,lfi,cve-2021-41293
 
 requests: