9.3
CVE-2024-43651 - Authenticated command injection in the <redacted> action leads to full remote code execution as roo…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interf…
7.2
CVE-2024-43658 - Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted…
Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical – The vulnerability can be…
9.3
CVE-2024-43654 - Authenticated command injection in the <redacted> action leads to full remote code execution as roo…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The <redact…
9.3
CVE-2024-43649 - Authenticated command injection via <redacted>.exe <redacted> parameter
Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities …
7.1
CVE-2024-43660 - Arbitrary file download using <redacted>.sh
The CGI script <redacted>.sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, inclu…
9.3
CVE-2024-43653 - Authenticated command injection in the <redacted> action leads to full remote code execution as roo…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The <redacted> binary does not seem to be used by the w…
7.1
CVE-2024-43661 - Buffer overflow in <redacted>.so leads to DoS of OCPP service
The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI…
9.3
CVE-2024-43652 - Authenticated command injection in the <redacted> action leads to full remote code execution as roo…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web…
9.3
CVE-2024-43657 - When uploading new firmware, a shell script inside a firmware file is executed during its processin…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the attacker will need a (low privilege) account to…
9.3
CVE-2024-43648 - Authenticated command injection via <redacted>.exe <redacted> parameter
Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to…