After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.
This issue
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root
This issue affects all Iochar
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user.
This issue affects Iocharger firmware for AC models before version 2412070
Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files
This issue affects Iocharger firmware for AC model before firmware version 25
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root
This issue affects firmware
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
Command injection in the parameter of a .exe request leads to remote code execution as the root user.
This issue affects Iocharger firmware for AC models before version 24120701.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC models before version
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers before
The CGI script .sh can be used to download any file on the filesystem.
This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.
Likelihood: High, but credentials
Vestel AC Charger
version
3.75.0 contains a vulnerability that
could enable an attacker to access files containing sensitive
information, such as credentials which could be used to further
compr
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow
System logs could be accessed through web management application due to a lack of access control.
An attacker can obtain the following sensitive information:
• Wi-Fi access point credentials to
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected install
The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown t
Page 1+ Next →