4 matches found
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...
CVE-2021-41293
creationtimestamp| type| source ---|---|--- 2021-09-30 14:37:58+00:00| seen| https://t.me/cibsecurity/29708 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41293.yaml 2025-01-26 00:00:00+00:00| seen| The Shadowserver...
CVE-2021-41293
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information...
CVE-2021-41293
The ECOA Building Automation System (BAS) controller is affected by a path traversal/arbitrary file disclosure vulnerability. Affected component/file: viewlog.jsp; attack vector is via the POST parameter fname, allowing an unauthenticated attacker to disclose arbitrary files and sensitive system ...