PT-2025-2660 · Iocharger · Iocharger

Frank Breedijk +2 · Published 2025-01-09 · Updated 2025-01-09 · CVE-2024-43659

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Iocharger firmware for AC models versions prior to 25010801

Description

The issue allows an attacker who has gained access to the firmware of a charging station to obtain default credentials by accessing a file. These credentials are the same across all Iocharger AC model EV chargers. The estimated number of potentially affected devices is not provided. The impact of this issue is critical, as it could allow an attacker to log into many Iocharger charging stations and execute arbitrary commands via the System → Custom page. The attack requires high privileges and no user interaction, and it can be automated.

Recommendations

For Iocharger firmware for AC models versions prior to 25010801, update the firmware to version 25010801 or later and change the password to prevent unauthorized access. As a temporary workaround, consider restricting access to the System → Custom page until the firmware is updated. Changing the password on older models is also recommended.

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-43659

Affected Products

Iocharger