Buffer Overflow Vulnerability in Iocharger Firmware for AC Models
CVE-2024-43661

7.1HIGH

Key Information:

Vendor

Iocharger

Status
Iocharger Firmware For Ac Models
Vendor
CVE Published:
9 January 2025

What is CVE-2024-43661?

A buffer overflow vulnerability exists in the Iocharger firmware for AC models prior to version 24120701. This issue arises when a long file path is provided to the deletion process handled by the associated CGI binary or script. Exploiting this vulnerability can lead to the crash of critical processes responsible for communication, resulting in reduced availability. Attackers may exploit this vulnerability over a network, but they require a low-privilege account to access the affected binaries or convince an authenticated user to trigger the fault. Due to the persistent nature of the denial-of-service condition created by this vulnerability, recovery options for the affected system are significantly limited.

Affected Version(s)

Iocharger firmware for AC models 0 < 24120701

References

https://csirt.divd.nl/DIVD-2024-00035/
third-party-advisory
https://csirt.divd.nl/CVE-2024-43661/
third-party-advisory
https://iocharger.com
product

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wilco van Beijnum
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)
.