ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T00:00:00
Updated: 2021-09-30T10:40:54
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41293
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-30T11:15:07.540
Modified: 2021-10-07T16:46:15.313
Link: CVE-2021-41293
JSON object: View
Redhat Information
No data.
CWE