Path Traversal Content Disclosure Vulnerability in ECOA BAS Controller
CVE-2021-41291 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.
Learn more about our Web Application Penetration Testing UK.