CVE-2021-41293

HIGH EXPLOITED NUCLEI

ECOA BAS controller - Path Traversal

Description

The ECOA BAS controller suffers from a path traversal vulnerability that allows arbitrary file disclosure. Using a specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device, exposing sensitive and system information.

Nuclei Templates (1)

ECOA Building Automation System - Arbitrary File Retrieval
HIGH by 0x_Akoko

Scores

CVSS v3 7.5
EPSS 0.8965
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-01-22
CWE CWE-22
Status published
Products (3)
ecoa/ecs_router_controller-ecs_firmware
ecoa/riskbuster_firmware
ecoa/riskterminator
Published Sep 30, 2021
Tracked Since Feb 18, 2026