PT-2025-2661 · Iocharger · Iocharger

Frank Breedijk +2 · Published 2025-01-09 · Updated 2025-01-09 · CVE-2024-43660

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Iocharger firmware for AC model chargers, versions prior to 24120701

Description

The issue allows an attacker to download any file on the filesystem using the CGI script. This has a critical impact, as sensitive files such as /etc/shadow, the CGI script source code, binaries and configuration files can be accessed. The attack can be executed over any network connection and requires authentication, but the level of authentication is irrelevant. The confidentiality of all files on the device can be compromised. While this device handles significant amounts of power, the attack in isolation does not have a safety impact. The attack can be automated.

Recommendations

If you run Iocharger firmware for AC model chargers in a version prior to 24120701, update to version 24120701 or later to resolve the issue. As a temporary workaround, consider restricting access to the CGI script to minimize the risk of exploitation. Avoid using the CGI script until the issue is resolved.

Fix

Files Accessible to External Parties


Weakness Enumeration

Related Identifiers

CVE-2024-43660

Affected Products

Iocharger