ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-5130-7de92-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T10:40:55.828791Z
Updated: 2024-09-17T03:53:41.840Z
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41294
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-30T11:15:07.600
Modified: 2021-10-07T16:47:42.873
Link: CVE-2021-41294
Redhat
No data.