CVE-2021-41290

Published: 30 Sep 2021
Source: nvd
CVSS3: 9.8
CVSS2: 10
EPSS: Low

Description

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*

Configuration 2

Simultaneously

cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

EPSS

Percentile: 82%
0.01816
Low

9.8 Critical

CVSS3

10 Critical

CVSS2

Weaknesses

CWE-434
CWE-22

Related vulnerabilities

CVSS3: 9.8
github
more than 3 years ago

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.
