CVE-2024-43656

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC model chargers versions prior to 24120701

Description The issue is related to improper neutralization of special elements used in a command, allowing OS command injection as root. This gives an attacker full control over the charging station, enabling them to add, modify, and delete files and services arbitrarily. The attack can be automated and may have a potential safety impact due to the charger handling significant power. The likelihood of the attack is moderate, requiring an attacker to identify the file structure of a specific directory and modify a backup to add a new CGI script, or convince a user with access to upload a modified backup file.

Recommendations For Iocharger firmware for AC model chargers versions prior to 24120701: Update to a version newer than 24120701 to resolve the issue. As a temporary workaround, consider restricting access to the web interface and limiting user accounts that can restore settings backups to minimize the risk of exploitation. Avoid using the affected firmware until a patch is available. At the moment, there is no information about additional mitigation measures.