CVE-2021-41301

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ecoa:ecs_router_controller-ecs:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ecoa:riskbuster:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-30 11:15

Updated : 2021-10-07 14:19

NVD link : CVE-2021-41301

Mitre link : CVE-2021-41301

CVE.ORG link : CVE-2021-41301

JSON object : View

Products Affected

ecoa

ecs_router_controller-ecs
riskterminator
ecs_router_controller-ecs_firmware
riskbuster
riskbuster_firmware

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-41301", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-09-30T11:15:07.977", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access."}, {"lang": "es", "value": "El controlador ECOA BAS es vulnerable a una divulgaci\u00f3n de la configuraci\u00f3n cuando se hace referencia directa a los archivos espec\u00edficos mediante una petici\u00f3n HTTP GET. Esto permitir\u00e1 al atacante no autenticado divulgar remotamente informaci\u00f3n confidencial y le ayudar\u00e1 a omitir la autenticaci\u00f3n, escalar privilegios y conseguir acceso total al sistema"}], "lastModified": "2021-10-07T14:19:03.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80292D1-E3AD-42B6-A63E-3546010B97A3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:ecs_router_controller-ecs:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "635093E9-E45C-422E-8F98-D775ABBBCB91"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A28430-AB2B-423F-82D4-FC0E3A6DF335"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:riskbuster:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65970728-0CAC-475F-BFE7-AB8AD3A95754"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "841DF575-8E63-4AB4-A6F9-77C28FC65BCE"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}