EUVD-2024-40396

Malicious code in bioql PyPI...

EUVD-2024-40406

Malicious code in bioql PyPI...

CVE-2024-43662

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

CVE-2024-43652

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The binary does not seem to be used by the web interface, ...

CVE-2024-43651 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The binary does not seem to be used by the web interface, so it...

CVE-2024-43661

The CVE-2024-43661 entry describes a buffer overflow in the .so library used by iocharger’s AC-model firmware, exploitable by sending a long file path to the .exe CGI binary or .sh CGI script. The vulnerability affects Iocharger firmware before 24120701. Impact is high: the process (likely OCPP)...

CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service

The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to the .sh CGI script. This binary or script will write this fi...

CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service

The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to the .sh CGI script. This binary or script will write this fi...

CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...