CVE-2023-30399

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GARO Wallbox GLB/GTB/GTC versions prior to v189

Description The issue concerns insecure permissions in the settings page, allowing attackers to redirect users to a crafted update package link via a man-in-the-middle attack.

Recommendations For versions prior to v189, update to version v189 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2023-30399

Affected Products

Garo Wallbox

CVE-2023-30399

Weakness Enumeration

Related Identifiers

Affected Products

References · 6