Skip to main content

Ecs Router Controller Ecs Firmware

13 CVEs product

Monthly

CVE-2021-41302 HIGH This Week

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-41301 CRITICAL Act Now

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-41300 CRITICAL Act Now

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-41299 CRITICAL Act Now

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-41298 HIGH This Week

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41297 HIGH This Week

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-41296 CRITICAL Act Now

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-41295 HIGH This Week

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-41294 CRITICAL Act Now

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-41293 HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.5
EPSS
20.1%
CVE-2021-41292 CRITICAL Act Now

ECOA BAS controller suffers from an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-41291 HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware Riskterminator
NVD
CVSS 3.1
7.5
EPSS
79.4%
CVE-2021-41290 CRITICAL Act Now

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
EPSS 0% CVSS 7.3
HIGH This Week

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Authentication Bypass +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Ecs Router Controller Ecs Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Ecs Router Controller Ecs Firmware +2
NVD
EPSS 20% CVSS 7.5
HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

ECOA BAS controller suffers from an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 79% CVSS 7.5
HIGH POC THREAT This Week

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy