CVE-2024-43658

Name of the Vulnerable Software and Affected Versions Iocharger Home firmware for AC model versions prior to 25010801

Description The issue is related to a patch traversal vulnerability, which allows for external control of file name or path, enabling the deletion of arbitrary files. This can severely impact the integrity and availability of the charging station, as it can be used to delete any file, including binaries necessary for the station's operation. The attack requires authentication but can be automated, and it compromises the integrity and availability of the device.

Recommendations For Iocharger Home firmware for AC model versions prior to 25010801: Update to a version newer than 25010801 to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the vulnerable firmware until a patch is available. At the moment, there is no information about additional mitigation measures.