ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
References
| Link | Resource |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html | Third Party Advisory |
| https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
|
History
21 Nov 2024, 06:25
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html - Third Party Advisory |
07 Oct 2021, 16:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 8.8 |
| CPE | cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:* cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:* cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:* |
30 Sep 2021, 11:39
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-30 11:15
Updated : 2024-11-21 06:25
NVD link : CVE-2021-41297
Mitre link : CVE-2021-41297
CVE.ORG link : CVE-2021-41297
JSON object : View
Products Affected
ecoa
- riskterminator
- ecs_router_controller-ecs_firmware
- riskbuster
- riskbuster_firmware
- ecs_router_controller-ecs
CWE
CWE-522
Insufficiently Protected Credentials