Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Iocharger firmware for AC models — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in Iocharger firmware for AC models, with AI-generated Chinese analysis, references, and POCs.

Vendor: Iocharger

CVE IDTitleCVSSSeverityPublished
CVE-2024-43658 Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal. CWE-27 8.1 -2025-01-09
CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service CWE-121 7.4 -2025-01-09
CVE-2024-43654 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station CWE-78 8.8 -2025-01-09
CVE-2024-43653 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station CWE-78 8.8 -2025-01-09
CVE-2024-43649 Authenticated command injection via <redacted>.exe <redacted> parameter CWE-78 8.8 -2025-01-09
CVE-2024-43651 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station CWE-78 8.8 -2025-01-09
CVE-2024-43660 Arbitrary file download using <redacted>.sh CWE-552 7.5 -2025-01-09
CVE-2024-43648 Authenticated command injection via <redacted>.exe <redacted> parameter CWE-78 8.8 -2025-01-09
CVE-2024-43657 When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station. CWE-78 7.8 -2025-01-09
CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ CWE-434 7.0 -2025-01-09
CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution. CWE-78 8.8 -2025-01-09
CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault CWE-121 9.1 -2025-01-09
CVE-2024-43650 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station CWE-78 8.8 -2025-01-09
CVE-2024-43659 Plaintext default credentials in firmware CWE-256 6.8 -2025-01-09
CVE-2024-43655 Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script. CWE-78 6.6 -2025-01-09

All 15 known CVE vulnerabilities affecting Iocharger firmware for AC models with full Chinese analysis, references, and POCs where available.