Arbitrary File Write and Path Traversal Vulnerability in ECOA BAS Controller

Arbitrary File Write and Path Traversal Vulnerability in ECOA BAS Controller

CVE-2021-41290 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.

Learn more about our Web Application Penetration Testing UK.