daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2021/CVE-2021-41291.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-03-06 12:04:24 -05:00
parent 925f08ff70
commit d743fb7969
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cves/2021/CVE-2021-41291.yaml
View File

@ -4,8 +4,9 @@ info:
name: ECOA Building Automation System - Directory Traversal Content Disclosure name: ECOA Building Automation System - Directory Traversal Content Disclosure
author: gy741 author: gy741
severity: high severity: high
description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-41291
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
- https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
tags: cve,cve2021,ecoa,lfi,traversal tags: cve,cve2021,ecoa,lfi,traversal
@ -25,3 +26,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
# Enhanced by mp on 2022/03/06