Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecs_router_controller\-Ecs_firmware
(Ecoa)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-30 | CVE-2021-41291 | ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | N/A | ||
| 2021-09-30 | CVE-2021-41290 | ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | N/A | ||
| 2021-09-30 | CVE-2021-41292 | ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | 9.1 |