Buffer Overflow Vulnerabilities in Iocharger AC Model Chargers by Iocharger
CVE-2024-43663
What is CVE-2024-43663?
Multiple buffer overflow vulnerabilities exist in various CGI binaries of Iocharger AC model chargers. Affected firmware versions include those prior to 24120701. These vulnerabilities can be exploited remotely over any network connection that the charging station’s web interface listens on. Exploitation could lead to remote code execution, although this requires advanced technical skill because of mitigations such as Address Space Layout Randomization (ASLR). The immediate effect is often a segmentation fault and a 502 Bad Gateway error, but skilled attackers may leverage these vulnerabilities for more severe exploits. Notably, this issue does not pose a safety risk to the charging process.
Affected Version(s)
Iocharger firmware for AC models: versions from 0 up to, but not including, 24120701