The ECOA BAS controller suffers from an authentication bypass vulnerability. Through cookie poisoning, an unauthenticated remote attacker can bypass authentication, disclose sensitive information, circumvent physical access controls in smart homes and buildings, and manipulate HVAC.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5128-b075a-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T00:00:00
Updated: 2021-09-30T10:40:52
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41292
NVD Information
Status: Analyzed
Published: 2021-09-30T11:15:07.477
Modified: 2022-04-25T17:59:48.587
Link: CVE-2021-41292
Redhat Information
No data.