CVE-2021-41296

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5132-65705-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-30 11:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-41296

Mitre link : CVE-2021-41296

CVE.ORG link : CVE-2021-41296


JSON object : View

Products Affected

ecoa

  • ecs_router_controller-ecs_firmware
  • ecs_router_controller-ecs
  • riskterminator
  • riskbuster
  • riskbuster_firmware
CWE
CWE-521

Weak Password Requirements