CVE-2021-41299

🗓️ 30 Sep 2021 10:41:03Reported by twcertType

ECOA BAS controller has hard-coded credentials in Linux image enabling remote attackers to gain admin privilege

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2021-41299	30 Sep 202114:38	–	circl
CNNVD	Ecoa Bas controller 信任管理问题漏洞	30 Sep 202100:00	–	cnnvd
CNVD	ECOA BAS controller hard-coded credential vulnerability	8 Oct 202100:00	–	cnvd
Cvelist	CVE-2021-41299 ECOA BAS controller - Use of Hard-coded Credentials	30 Sep 202110:41	–	cvelist
EUVD	EUVD-2021-28329	3 Oct 202520:07	–	euvd
NVD	CVE-2021-41299	30 Sep 202111:15	–	nvd
Prion	Hardcoded credentials	30 Sep 202111:15	–	prion
Zero Science Lab	ECOA Building Automation System Hard-coded Credentials SSH Access	8 Sep 202100:00	–	zeroscience

NVD

Node

ecoa ecs_router_controller-ecs_firmwareMatch-

AND

ecoa ecs_router_controller-ecsMatch-

Node

ecoa riskbuster_firmwareMatch-

AND

ecoa riskbusterMatch-

Node

ecoa riskterminatorMatch-

[
  {
    "product": "ECS Router Controller ECS (FLASH)",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster Terminator E6L45",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster System RB 3.0.0",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskBuster System TRANE 1.0",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Graphic Control Software",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SmartHome II E9246",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RiskTerminator",
    "vendor": "ECOA",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/tw/cp-132-5135-a9f5c-1.html

21 Nov 2024 06:25Current

9.6High risk

Vulners AI Score9.6

CVSS 210

CVSS 3.19.8

EPSS0.01186

CWE-798