Home/Product/ecoa ecs router controller ecs firmware
Product

ecoa ecs router controller ecs firmware

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-41302
all versions
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query use
7.3HIGH
 CVE-2021-41301
all versions
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an
9.8CRITICAL
 CVE-2021-41300
all versions
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access
9.8CRITICAL
 CVE-2021-41299
all versions
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain
9.8CRITICAL
 CVE-2021-41298
all versions
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to o
8.8HIGH
 CVE-2021-41297
all versions
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by
8.8HIGH
 CVE-2021-41296
all versions
ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and
9.8CRITICAL
 CVE-2021-41295
all versions
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged reques
8.8HIGH
 CVE-2021-41294
all versions
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET paramete
9.1CRITICAL
 CVE-2021-41293
all versions
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST param
7.5HIGH
 CVE-2021-41292
all versions
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can
9.8CRITICAL
 CVE-2021-41291
all versions
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unaut
7.5HIGH
 CVE-2021-41290
all versions
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthentica
9.8CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh