PT-2021-7743 · Unknown · Evlink City+2

Published

2021-07-13

Updated

2021-07-28

CVE-2021-22774

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions EVlink City versions prior to R8 V3.4.0.1 EVlink Parking versions prior to R8 V3.4.0.1 EVlink Smart Wallbox versions prior to R8 V3.4.0.1

Description A vulnerability exists due to the use of a one-way hash without a salt, which could allow an attacker to obtain knowledge of charging station user account credentials using dictionary attack techniques. This issue affects the EVlink City, EVlink Parking, and EVlink Smart Wallbox products, and could potentially be exploited by a remote attacker to gain user credentials.

Recommendations For EVlink City versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue. For EVlink Parking versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue. For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916CWE-759

Related Identifiers

BDU:2023-02358

CVE-2021-22774

Affected Products

Evlink City

Evlink Parking

Evlink Smart Wallbox

PT-2021-7743 · Unknown · Evlink City+2

CVE-2021-22774

Weakness Enumeration

Related Identifiers

Affected Products

References · 8