Command Injection Vulnerability in Iocharger Firmware for AC Model Chargers
CVE-2024-43652

9.3 CRITICAL

Key Information:

Vendor: Iocharger
CVE Published: 9 January 2025

What is CVE-2024-43652?

A command injection vulnerability in Iocharger firmware for AC model chargers prior to version 24120701 allows an attacker to execute arbitrary commands with root privileges. Exploitation requires that the attacker has low-level access and sends a crafted HTTP request, which makes the vulnerability moderately accessible. A successful attack gives the attacker full control over the charging station, including the ability to add, modify, or delete files and services, potentially compromising the overall security of the system.

Affected Version(s)

Iocharger firmware for AC chargers 0 < 24120701

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)