Path Traversal Vulnerability in Iocharger Firmware Affects Multiple Models
CVE-2024-43658

7.2 HIGH

Key Information:

Vendor

Iocharger

CVE Published:
9 January 2025

What is CVE-2024-43658?

A path traversal vulnerability in the Iocharger Home firmware allows authenticated users to delete arbitrary files from the Iocharger AC model device. It affects firmware versions prior to 25010801. Deleting critical binaries can severely disrupt the integrity and availability of the charging station, rendering it inoperative. Additionally, because robust authentication measures are lacking, exploitation can be automated, which increases the risk significantly.

Affected Version(s)

Iocharger firmware for AC models 0 < 25010801

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)