mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
161 lines
6.1 KiB
JSON
161 lines
6.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"AKA": "TWCERT/CC",
|
|
"ASSIGNER": "cve@cert.org.tw",
|
|
"DATE_PUBLIC": "2021-09-30T10:13:00.000Z",
|
|
"ID": "CVE-2021-41301",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ECS Router Controller ECS (FLASH)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RiskBuster Terminator E6L45",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RiskBuster System RB 3.0.0",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RiskBuster System TRANE 1.0",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Graphic Control Software",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "SmartHome II E9246",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RiskTerminator",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?>",
|
|
"version_value": "0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ECOA"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-200 Information Exposure"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html",
|
|
"name": "https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Contact tech support from ECOA."
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "TVN-202109017",
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |