Enhancement: cves/2021/CVE-2021-41293.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-03-07 10:36:19 -05:00
parent c002e6c7d5
commit d58cf407d9
1 changed files with 5 additions and 2 deletions

View File

@ -1,11 +1,12 @@
id: CVE-2021-41293 id: CVE-2021-41293
info: info:
name: ECOA Building Automation System - LFD name: ECOA Building Automation System - Local File Disclosure
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-41293
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
tags: cve,cve2021,ecoa,lfi,disclosure tags: cve,cve2021,ecoa,lfi,disclosure
@ -33,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/03/07