CVE-2021-22707 PoC — Multiple Schneider Electric EVlink Charging Stations 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22707.yaml

Associated Vulnerability

Title:Multiple Schneider Electric EVlink Charging Stations 信任管理问题漏洞 (CVE-2021-22707)
Description:Schneider Electric EVlink Charging Stations是法国施耐德电气（Schneider Electric）公司的一个充电设备 Multiple Schneider Electric EVlink Charging Stations存在信任管理问题漏洞，目前暂无该漏洞的详细信息，详情请关注厂商主页。

Description

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

File Snapshot


 id: CVE-2021-22707

info:
  name: EVlink City < R8 V3.4.0.1 - Authentication Bypass
  author: ritikc

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!