Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecs_router_controller\-Ecs_firmware
(Ecoa)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-30 | CVE-2021-41300 | ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | N/A | ||
| 2021-09-30 | CVE-2021-41301 | ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | N/A | ||
| 2021-09-30 | CVE-2021-41302 | ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | Ecs_router_controller\-Ecs_firmware, Riskbuster_firmware, Riskterminator | N/A |