CVE-2021-41302

Summary

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.

Affected Software

VendorProductVersion RangeStatus
ECOAECS Router Controller ECS (FLASH)next of 0 < unspecifiedunknown
ECOARiskBuster Terminator E6L45next of 0 < unspecifiedunknown
ECOARiskBuster System RB 3.0.0next of 0 < unspecifiedunknown
ECOARiskBuster System TRANE 1.0next of 0 < unspecifiedunknown
ECOAGraphic Control Softwarenext of 0 < unspecifiedunknown
ECOASmartHome II E9246next of 0 < unspecifiedunknown
ECOARiskTerminatornext of 0 < unspecifiedunknown

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CVE Program Container

Additional References

References