Ecoa: >> Riskbuster Firmware Security Vulnerabilities
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-30
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-30
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-30
Page 2