What is CVE-2021-41292?

CVE-2021-41292 is a critical-severity vulnerability in Ecoa Ecs Router Controller (Flash), classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 9.8/10. Published 2021-09-30.

How severe is CVE-2021-41292?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Ecoa Ecs Router Controller (Flash)

CVE-2021-41292

ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in…

EPSS: 0.005 (65.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ecoa Ecs Router Controller (Flash) — versions next of 0
Ecoa Graphic Control Software — versions next of 0
Ecoa Riskbuster System Rb 3.0.0 — versions next of 0
Ecoa Riskbuster System Trane 1.0 — versions next of 0
Ecoa Riskbuster Terminator E6l45 — versions next of 0
Ecoa Riskterminator — versions next of 0
Ecoa Smarthome Ii E9246 — versions next of 0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

www.twcert.org.tw/tw/cp-132-5128-b075a-1.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41292?: CVE-2021-41292 is a critical-severity vulnerability in Ecoa Ecs Router Controller (Flash), classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 9.8/10. Published 2021-09-30.
How severe is CVE-2021-41292?: Critical severity. CVSS v3 base score is 9.8 out of 10.