CVE-2024-43661

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC models versions prior to 24120701

Description The issue is related to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the CGI binary or to the CGI script. The binary or script will write this file path to a location that is then read by the .so library. The estimated likelihood of this issue is moderate, as an attacker would need to find this exploit either by obtaining the binaries involved or by trial and error, and also require a low-privilege account to gain access to the CGI binary or script. The impact is high, as the process responsible for OCPP communication will keep crashing after performing the exploit, causing a denial of service.

Recommendations For Iocharger firmware for AC models versions prior to 24120701: As a temporary workaround, consider restricting access to the CGI binary or script to minimize the risk of exploitation. Avoid using long file paths in the action of the CGI binary or script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.