Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ecoa riskterminator - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-41290
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected devic...
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
7.5
CVSSv3
CVE-2021-41291
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
7.5
CVSSv3
CVE-2021-41293
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
9.1
CVSSv3
CVE-2021-41294
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
8.8
CVSSv3
CVE-2021-41295
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
8.8
CVSSv3
CVE-2021-41297
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
8.8
CVSSv3
CVE-2021-41298
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization...
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
9.8
CVSSv3
CVE-2021-41299
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
9.8
CVSSv3
CVE-2021-41301
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated malicious user to remotely disclose sensitive information and help her in authentication bypass...
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
7.3
CVSSv3
CVE-2021-41302
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
Ecoa Ecs Router Controller-ecs Firmware -
Ecoa Riskbuster Firmware -
Ecoa Riskterminator -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »