Lucene search
+L

CVE-2021-41292

🗓️ 30 Sep 2021 10:40:52Reported by twcertType 
cve
 cve
🔗 web.nvd.nist.gov👁 62 Views🌐 WEB

ECOA BAS controller authentication bypass vulnerabilit

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-41292
30 Sep 202110:13
attackerkb
Circl
CVE-2021-41292
30 Sep 202114:37
circl
CNNVD
Ecoa Bas controller 授权问题漏洞
30 Sep 202100:00
cnnvd
CNVD
ECOA BAS controller authentication bypass vulnerability
8 Oct 202100:00
cnvd
Cvelist
CVE-2021-41292 ECOA BAS controller - Broken Authentication
30 Sep 202110:40
cvelist
EUVD
EUVD-2021-28322
3 Oct 202520:07
euvd
NVD
CVE-2021-41292
30 Sep 202111:15
nvd
Prion
Authentication flaw
30 Sep 202111:15
prion
Zero Science Lab
ECOA Building Automation System Cookie Poisoning Authentication Bypass
8 Sep 202100:00
zeroscience
[
  {
    "product": "ECS Router Controller ECS (FLASH)",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster Terminator E6L45",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster System RB 3.0.0",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster System TRANE 1.0",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Graphic Control Software",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SmartHome II E9246",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskTerminator",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
fnamequery parammenu.jspAuthentication bypass via cookie poisoning allowing bypass of authentication and disclosure of sensitive information.CWE-287CWE-288
timequery parammenu.jspAuthentication bypass via cookie poisoning allowing bypass of authentication and disclosure of sensitive information.CWE-287CWE-288

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:08Current
9.2High risk
Vulners AI Score9.2
CVSS 26.4
CVSS 3.19.1 - 9.8
EPSS0.01134
62