A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The ser
On IROAD V9 devices, unauthorized parties can manage settings, obtain sensitive data, and sabotage the car battery. A vulnerability in the dashcam's configuration management a
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploi
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
System logs could be accessed through the web management application due to a lack of access control.
An attacker can obtain the following sensitive information:
• Wi-Fi access point credentials to
WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected insta
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in pred
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root
This issue affects all Iochar
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user.
This issue affects Iocharger firmware for AC models before version 2412070
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root
This issue affects Iocharger firmware for AC model chargers befor
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signa
After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.
This issue
Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrar
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary comm
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain im
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gai
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive infor