ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ecoa ecs_router_controller-ecs_firmware - |
||
ecoa riskbuster_firmware - |
||
ecoa riskterminator - |