CVE-2024-43653

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC model chargers versions prior to 24120701

Description The issue is related to an improper neutralization of special elements used in a command, allowing OS command injection as root. This gives an attacker full control over the charging station, enabling them to add, modify, and delete files and services arbitrarily. The attack can be automated and has a potential safety impact due to the charger handling significant power. The likelihood of the attack is moderate, requiring a low-privilege account or convincing a user with such access to execute a crafted HTTP request.

Recommendations For Iocharger firmware for AC model chargers versions prior to 24120701, update to a version 24120701 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable binary or disabling its use until a patch is available. Avoid using the vulnerable interface until the issue is resolved. At the moment, there is no other information about additional mitigation measures.