CVE-2024-43654

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC models versions prior to 25010801

Description The issue is related to an improper neutralization of special elements used in a command, allowing OS command injection as root. This gives an attacker full control over the charging station, enabling them to add, modify, and delete files and services arbitrarily. The attack can be automated and may have a potential safety impact due to the charger handling significant power. The likelihood of the attack is moderate, requiring a low-privilege account or convincing a user with such access to execute a crafted HTTP request.

Recommendations For versions prior to 25010801, update the firmware to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable binary or disabling any unnecessary features that could be used to exploit this issue. Avoid using the affected firmware until a patch is available. At the moment, there is no information about additional mitigation measures.