logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-11666

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-11666

Description:
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users  suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices. This issue affects cph2_echarge_firmware: through 2.0.4.
Last updated date:
12/03/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
12/03/2024
Reference url to background

https://www.onekey.com/resource/critical-vulnerabilities-in-ev-charging-stations-analysis-of-echarge-controllers

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy