Overview
- Description
- ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E80292D1-E3AD-42B6-A63E-3546010B97A3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "541B6C82-F00E-4BFC-9947-A55B2F4EDD06"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19A28430-AB2B-423F-82D4-FC0E3A6DF335"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "58A6F2A4-A7DA-4A88-B572-917FFC80ADC1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "841DF575-8E63-4AB4-A6F9-77C28FC65BCE"
}
],
"operator": "OR"
}
]
}
]