Enhancement: cves/2021/CVE-2021-41293.yaml by mp
parent
c002e6c7d5
commit
d58cf407d9
|
@ -1,11 +1,12 @@
|
||||||
id: CVE-2021-41293
|
id: CVE-2021-41293
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: ECOA Building Automation System - LFD
|
name: ECOA Building Automation System - Local File Disclosure
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
|
description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
|
||||||
reference:
|
reference:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41293
|
||||||
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
|
||||||
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
|
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
|
||||||
tags: cve,cve2021,ecoa,lfi,disclosure
|
tags: cve,cve2021,ecoa,lfi,disclosure
|
||||||
|
@ -33,3 +34,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/03/07
|
||||||
|
|
Loading…
Reference in New Issue