EUVD-2024-40404

Malicious code in bioql PyPI...

EUVD-2024-40401

Malicious code in bioql PyPI...

CVE-2024-43658

CVE-2024-43658 concerns Iocharger Home firmware prior to 25010801. The issue is a patch traversal/external control of file name or path vulnerability that allows an authenticated attacker to delete arbitrary files on the charging station, potentially removing binaries and compromising integrity a...

CVE-2024-43657 When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station.

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the attacker will need a low privilege account to gai...

CVE-2024-43660

The CVE-2024-43660 issue affects Iocharger AC model chargers running firmware before 24120701. A CGI script (.sh) can be abused to download arbitrary files from the device filesystem (e.g., /etc/shadow, script source, binaries, config files). Attack is network-exposed and can be executed with low...

CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...