CVE-2024-43652

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC model chargers versions prior to 24120701

Description The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This allows an attacker to perform OS Command Injection as the root user, giving them full control over the charging station. The attacker needs a low-privilege account to access the vulnerable binary or convince a user with such access to execute a crafted HTTP request. The impact is critical, as the attacker can arbitrarily add, modify, and delete files and services.

Recommendations For Iocharger firmware for AC model chargers versions prior to 24120701, update to version 24120701 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable binary to minimize the risk of exploitation. Additionally, avoid using the vulnerable interface until the issue is resolved.