ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T00:00:00
Updated: 2021-09-30T10:40:49
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41290
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-30T11:15:07.357
Modified: 2022-10-21T17:46:56.040
Link: CVE-2021-41290
JSON object: View
Redhat Information
No data.