PT-2022-10365 · Unknown · Bender/Ebee Charge Controllers

Published: 2022-04-27 · Updated: 2022-05-11 · CVE-2021-34601

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bender/ebee Charge Controllers versions 5.20.1 and below

Description

The issue concerns hardcoded credentials in the charge controllers, specifically hardcoded SSH credentials. This could allow an attacker to gain administrative access to the web UI using the hardcoded password.

Recommendations

For versions 5.20.1 and below, consider changing the default SSH credentials to unique and strong passwords as a temporary workaround, and look for an update from the manufacturer that addresses the hardcoded credentials issue.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2021-34601

Affected Products

Bender/Ebee Charge Controllers