CVE-2021-41296: ECOA BAS controller - Weak Password Requirements

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-41296

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ECOA BAS controller - Weak Password Requirements

Source: NVD (National Vulnerability Database)

Vulnerability Description

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

弱口令要求

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ecoa Bas controller 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ecoa Technologies Corp Ecoa Bas controller是中国Ecoa Technologies Corp公司的一个楼宇自动化控制器。 Ecoa Bas controller存在安全漏洞，该漏洞源于使用一组较弱的默认管理凭据，这些凭据在远程密码攻击中很容易被猜到，并获得对系统的完全控制。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
ECOA	ECS Router Controller ECS (FLASH)	next of 0 ~ unspecified	-
ECOA	RiskBuster Terminator E6L45	next of 0 ~ unspecified	-
ECOA	RiskBuster System RB 3.0.0	next of 0 ~ unspecified	-
ECOA	RiskBuster System TRANE 1.0	next of 0 ~ unspecified	-
ECOA	Graphic Control Software	next of 0 ~ unspecified	-
ECOA	SmartHome II E9246	next of 0 ~ unspecified	-
ECOA	RiskTerminator	next of 0 ~ unspecified	-

II. Public POCs for CVE-2021-41296

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-41296

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: ECS Router Controller ECS (FLASH)

Same vendor: ECOA

Same weakness: CWE-521

V. Comments for CVE-2021-41296

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-41296

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-41296

III. Intelligence Information for CVE-2021-41296

IV. Related Vulnerabilities

V. Comments for CVE-2021-41296

Leave a comment