EIP-2026-101680

PRE-CVE

ECOA Building Automation System - Configuration Download Information Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101680. PoCs published by Neurogenesia.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in ECOA Building Automation System by downloading sensitive configuration files (syspara.dat and images.dat) via unauthenticated HTTP GET requests, revealing plain-text passwords and system details.

Description

ECOA Building Automation System - Configuration Download Information Disclosure

Exploits (1)

exploitdb WORKING POC
by Neurogenesia · textwebappshardware
https://www.exploit-db.com/exploits/50280

This exploit demonstrates an information disclosure vulnerability in ECOA Building Automation System by downloading sensitive configuration files (syspara.dat and images.dat) via unauthenticated HTTP GET requests, revealing plain-text passwords and system details.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ECOA Building Automation System (multiple versions including ECS Router Controller, RiskBuster System, etc.)
No auth needed
Prerequisites: Network access to the target system · Target system running vulnerable ECOA software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026