2 matches found
CVE-2021-41290
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device...
CVE-2021-41290
The CVE-2021-41290 entry relates to ECOA BAS controller products (e.g., ECOA ECS Router Controller - ECS (FLASH); ECOA RiskBuster Terminator - E6L45; RB 3.0.0; TRANE 1.0; plus related ECOA software) and describes an arbitrary file write/path traversal vulnerability. Attackers can use POST paramet...