Vulnerabilities > Ecoa > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-30 | CVE-2021-41290 | Path Traversal vulnerability in Ecoa products ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. | 9.8 |
| 2021-09-30 | CVE-2021-41299 | Use of Hard-coded Credentials vulnerability in Ecoa products ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | 10.0 |
| 2021-09-30 | CVE-2021-41301 | Authorization Bypass Through User-Controlled Key vulnerability in Ecoa products ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. | 10.0 |