CVE-2024-11666

Name of the Vulnerable Software and Affected Versions cph2 echarge firmware versions through 2.0.4

Description The issue affects devices that communicate with the eCharge cloud infrastructure over an insecure channel, as peer verification is disabled. This allows remote unauthenticated users, suitably positioned on the network between an EV charger controller and eCharge infrastructure, to execute arbitrary commands with elevated privileges on affected devices.

Recommendations For cph2 echarge firmware versions through 2.0.4, update to a version that addresses the peer verification issue to prevent remote attacks. As a temporary workaround, consider restricting network access to the eCharge cloud infrastructure to minimize the risk of exploitation. Restrict access to the affected devices to prevent remote unauthenticated users from executing arbitrary commands with elevated privileges.