{ "CVE_data_meta": { "AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-09-30T10:13:00.000Z", "ID": "CVE-2021-41301", "STATE": "PUBLIC", "TITLE": "ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ECS Router Controller ECS (FLASH)", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "RiskBuster Terminator E6L45", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "RiskBuster System RB 3.0.0", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "RiskBuster System TRANE 1.0", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "Graphic Control Software", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "SmartHome II E9246", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } }, { "product_name": "RiskTerminator", "version": { "version_data": [ { "version_affected": "?>", "version_value": "0" } ] } } ] }, "vendor_name": "ECOA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-5137-730a6-1.html" } ] }, "solution": [ { "lang": "eng", "value": "Contact tech support from ECOA." } ], "source": { "advisory": "TVN-202109017", "discovery": "EXTERNAL" } }