Every CVE whose affected-product data names Ecoa Riskterminator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2021-41290 — CVSS 9.8 (critical): ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated…
CVE-2021-41292 — CVSS 9.8 (critical): ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely…
CVE-2021-41296 — CVSS 9.8 (critical): ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full…
CVE-2021-41299 — CVSS 9.8 (critical): ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain…
CVE-2021-41300 — CVSS 9.8 (critical): ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page…
CVE-2021-41301 — CVSS 9.8 (critical): ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET…
CVE-2021-41294 — CVSS 9.1 (critical): ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter…
CVE-2021-41297 — CVSS 8.8 (high): ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by…
CVE-2021-41298 — CVSS 8.8 (high): ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects…
CVE-2021-41295 — CVSS 8.8 (high): ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a…
CVE-2021-41293 — CVSS 7.5 (high): ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter…
CVE-2021-41291 — CVSS 7.5 (high): ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager…
CVE-2021-41302 — CVSS 7.3 (high): ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user…