9.8
CVE-2021-41296
- EPSS 0.23%
- Veröffentlicht 30.09.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:59
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ecoa ≫ Ecs Router Controller-ecs Firmware Version-
Ecoa ≫ Riskbuster Firmware Version-
Ecoa ≫ Riskterminator Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.427 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.