Command Injection Vulnerability in Iocharger Firmware for AC Models
CVE-2024-43650

9.3CRITICAL

Key Information:

Vendor

Iocharger

Status
Iocharger Firmware For Ac Models
Vendor
CVE Published:
9 January 2025

What is CVE-2024-43650?

A command injection vulnerability exists in the firmware of Iocharger AC models, enabling unauthorized execution of operating system commands with root privileges. This flaw can be exploited remotely, provided the attacker has a low-privilege account or convinces an authorized user to send a specially crafted HTTP request. Affected versions include all firmware prior to version 24120701. Exploiting this vulnerability gives attackers full control over the charging station, allowing them to modify, add, or delete critical files and services. Given that this is an electric vehicle charger, successful exploitation may also pose safety risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Iocharger firmware for AC models 0 < 24120701

References

https://csirt.divd.nl/DIVD-2024-00035/
third-party-advisory
https://csirt.divd.nl/CVE-2024-43650/
third-party-advisory
https://iocharger.com
product

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)
JSON
.