Vector Strings

Severity Score: 7.5
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6

Access Vector (AV):
Access Complexity (AC):
Authentication (AU): NONE
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Published Date: 2021-09-30
Last Modified: 2021-10-07

CVE-2021-41291

About:
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.

References

https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html

Related CVEs

No related CVEs.

Empower Your Security Strategy with Rainforest

Discover vulnerabilities early, prioritize critical threats, and protect what truly matters. Rainforest streamlines your security operations, saving you time and reducing costs, so you can focus on what drives your business forward.

Book a Demo