CVE-2024-43657

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC model chargers versions prior to 24120701

Description The issue is related to an improper neutralization of special elements used in a command, allowing OS command injection as root. This gives an attacker full control over the charging station, enabling them to add, modify, and delete files and services arbitrarily. The attack can be automated and has a potential safety impact due to the charger handling significant power. Any network interface serving the web UI is vulnerable, and the attack requires low-level authentication but no user interaction.

Recommendations For Iocharger firmware for AC model chargers versions prior to 24120701: Update to version 24120701 or later to resolve the issue. As a temporary workaround, consider restricting access to the action.exe CGI binary to minimize the risk of exploitation. Avoid using the vulnerable firmware until the issue is resolved.