File Download Vulnerability in Iocharger AC Model Chargers
CVE-2024-43660

7.1 HIGH

Key Information:

Vendor: Iocharger
CVE Published: 9 January 2025

What is CVE-2024-43660?

A vulnerability in the Iocharger firmware for AC model chargers allows an authenticated user to abuse a CGI script to download any file from the filesystem, including potentially sensitive files such as system configuration files and user credentials. Exploitation requires authentication but does not depend on the strength of those credentials, which makes it particularly concerning in environments where access control may be lax. The attack can be carried out remotely over the network and can be automated.

Affected Version(s)

Iocharger firmware for AC models: versions from 0 up to, but not including, 24120701

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)