Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
EcoaRiskbuster Firmware

3 matches found

CVE
CVEadded 2021/09/30 11:15 a.m.68 views

CVE-2021-41291

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.

7.5CVSS7.5AI score0.88355EPSS
CVE
CVEadded 2021/09/30 11:15 a.m.63 views

CVE-2021-41293

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.

7.5CVSS7.5AI score0.88502EPSS
In wild
CVE
CVEadded 2021/09/30 11:15 a.m.44 views

CVE-2021-41302

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.

7.3CVSS7.3AI score0.00163EPSS