CVE-2024-43663

Name of the Vulnerable Software and Affected Versions Iocharger firmware for AC model chargers versions prior to 24120701

Description The issue is related to multiple buffer overflow vulnerabilities present in several CGI binaries of the charging station. These vulnerabilities can cause a segmentation fault of the CGI binary, leading to a 502 Bad Gateway error. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution. The attack can be executed over any network connection the station is listening to and serves the web interface, and there are no additional security measures in place that need to be circumvented. The attack requires authentication, but the level of authentication is irrelevant. The attack has a small impact on the availability of the device.

Recommendations For Iocharger firmware for AC model chargers versions prior to 24120701, update to a version that includes the fix for the buffer overflow vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable CGI binaries to minimize the risk of exploitation. Avoid using the affected CGI binaries until the issue is resolved.