漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ID Charger Connect & Pro - JWT-Null-Algorithm
Vulnerability Description
An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
ID Charger 安全漏洞
Vulnerability Description
Volkswagen Group ID Charger是德国大众(Volkswagen Group)公司的一个家庭全能充电器。 ID Charger Connect & Pro存在安全漏洞,该漏洞源于JWT库的错误实现,未经身份验证的攻击者可以利用此漏洞绕过身份验证机制。
CVSS Information
N/A
Vulnerability Type
N/A