Unrated severityNVD Advisory· Published Sep 30, 2021· Updated Sep 17, 2024
ECOA BAS controller - Broken Authentication
CVE-2021-41292
Description
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: next of 0
Patches
Vulnerability mechanics
References
1- www.twcert.org.tw/tw/cp-132-5128-b075a-1.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.