{"containers":{"cna":{"affected":[{"product":"ECS Router Controller ECS (FLASH)","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"RiskBuster Terminator E6L45","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"RiskBuster System RB 3.0.0","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"RiskBuster System TRANE 1.0","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"Graphic Control Software","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"SmartHome II E9246","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]},{"product":"RiskTerminator","vendor":"ECOA","versions":[{"lessThan":"unspecified","status":"unknown","version":"next of 0","versionType":"custom"}]}],"datePublic":"2021-09-30T00:00:00.000Z","descriptions":[{"lang":"en","value":"ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-09-30T10:40:49.000Z","orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html"}],"solutions":[{"lang":"en","value":"Contact tech support from ECOA."}],"source":{"advisory":"TVN-202109006","discovery":"EXTERNAL"},"title":"ECOA BAS controller - Path Traversal-1","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2021-09-30T10:13:00.000Z","ID":"CVE-2021-41290","STATE":"PUBLIC","TITLE":"ECOA BAS controller - Path Traversal-1"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ECS Router Controller ECS (FLASH)","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"RiskBuster Terminator E6L45","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"RiskBuster System RB 3.0.0","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"RiskBuster System TRANE 1.0","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"Graphic Control Software","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"SmartHome II E9246","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}},{"product_name":"RiskTerminator","version":{"version_data":[{"version_affected":"?>","version_value":"0"}]}}]},"vendor_name":"ECOA"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]},"references":{"reference_data":[{"name":"https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html","refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html"}]},"solution":[{"lang":"en","value":"Contact tech support from ECOA."}],"source":{"advisory":"TVN-202109006","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:08:31.999Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.twcert.org.tw/tw/cp-132-5126-ca315-1.html"}]}]},"cveMetadata":{"assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","assignerShortName":"twcert","cveId":"CVE-2021-41290","datePublished":"2021-09-30T10:40:49.516Z","dateReserved":"2021-09-15T00:00:00.000Z","dateUpdated":"2024-09-16T22:25:25.496Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}