admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-412xx/CVE-2021-41290.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

169 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-41290",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2021-09-30T11:15:07.357",
"lastModified": "2022-10-21T17:46:56.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device."
},
{
"lang": "es",
"value": "El controlador ECOA BAS sufre una vulnerabilidad de escritura de archivos arbitraria y de salto de ruta. usando los par\u00e1metros POST, unos atacantes no autenticados pueden establecer remotamente valores arbitrarios para la ubicaci\u00f3n y el tipo de contenido y conseguir la posibilidad de ejecutar c\u00f3digo arbitrario en el dispositivo afectado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E80292D1-E3AD-42B6-A63E-3546010B97A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "541B6C82-F00E-4BFC-9947-A55B2F4EDD06"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A28430-AB2B-423F-82D4-FC0E3A6DF335"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58A6F2A4-A7DA-4A88-B572-917FFC80ADC1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "841DF575-8E63-4AB4-A6F9-77C28FC65BCE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html",
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink