2 matches found
CVE-2021-41291
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...
CVE-2021-41291
CVE-2021-41291 affects ECOA Building Automation System BAS controllers. A directory-traversal vulnerability allows unauthenticated remote disclosure of device file contents by abusing the GET parameter (cpath in File Manager or fmangersub). Documented impact is disclosure of sensitive information...