Command Injection Vulnerability in Iocharger Firmware for AC Model Chargers
CVE-2024-43656

9.3 CRITICAL

Key Information:

Vendor

Iocharger

CVE Published:
9 January 2025

What is CVE-2024-43656?

This vulnerability affects the Iocharger firmware for AC model chargers and stems from improper neutralization of special elements used in OS commands (command injection). An attacker can inject OS commands that execute with root privileges, giving full control over the charger. Although the file structure and the user account permissions required make the vulnerability harder to identify and exploit, successful exploitation allows unauthorized modification, deletion, and addition of files and services. This compromises not only the charging station itself but can also give an intruder a foothold from which to reach other parts of the network, posing significant security and safety risks.

Affected Version(s)

Iocharger firmware for AC models, all versions below 24120701 (0 < 24120701)

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)