What is CVE-2021-41301?

CVE-2021-41301 is a critical-severity vulnerability in Ecoa Ecs Router Controller (Flash), classified under Information Disclosure. CVSS score: 9.8/10. Published 2021-09-30.

How severe is CVE-2021-41301?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Information disclosure in Ecoa Ecs Router Controller (Flash)

CVE-2021-41301

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information an…

Vulnerability class: Information Disclosure

EPSS: 0.004 (62.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ecoa Ecs Router Controller (Flash) — versions next of 0
Ecoa Graphic Control Software — versions next of 0
Ecoa Riskbuster System Rb 3.0.0 — versions next of 0
Ecoa Riskbuster System Trane 1.0 — versions next of 0
Ecoa Riskbuster Terminator E6l45 — versions next of 0
Ecoa Riskterminator — versions next of 0
Ecoa Smarthome Ii E9246 — versions next of 0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.twcert.org.tw/tw/cp-132-5137-730a6-1.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41301?: CVE-2021-41301 is a critical-severity vulnerability in Ecoa Ecs Router Controller (Flash), classified under Information Disclosure. CVSS score: 9.8/10. Published 2021-09-30.
How severe is CVE-2021-41301?: Critical severity. CVSS v3 base score is 9.8 out of 10.