Path Traversal Content Disclosure Vulnerability in ECOA BAS Controller

CVE-2021-41291 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.

Learn more about our Web Application Penetration Testing UK.