28 matches found
EUVD-2024-40394
Malicious code in bioql PyPI...
EUVD-2024-40400
Malicious code in bioql PyPI...
EUVD-2024-40399
Malicious code in bioql PyPI...
Asymmetry Vulnerability and Physical Attacks on Online Map Construction for Autonomous Driving
High-definition maps provide precise environmental information essential for prediction and planning in autonomous driving systems. Due to the high cost of labeling and maintenance, recent research has turned to online HD map construction using onboard sensor data, offering wider coverage and mor...
Impact Analysis of Inference Time Attack of Perception Sensors on Autonomous Vehicles
As a safety-critical cyber-physical system, cybersecurity and related safety issues for Autonomous Vehicles (AVs) have been important research topics for a while. Among all the modules on AVs, perception is one of the most accessible attack surfaces, as drivers and AVs have no control over the...
CVE-2024-43656
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...
CVE-2024-43649
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur...
CVE-2024-43653
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface,...
CVE-2024-43648
Command injection in the parameter of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an...
CVE-2024-43651 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC models before version 241207101. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it...
CVE-2024-43654 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root. This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The binary do...
CVE-2024-43654
CVE-2024-43654 affects Iocharger AC EV charging stations running firmware older than 25010801. The issue is an improper neutralization of a special element used in a command, enabling OS command injection with root privileges. The vulnerability can be exploited via a network-attached interface se...
CVE-2024-43653 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface,...
CVE-2024-43649
Summary (CVE-2024-43649) Affected: Iocharger firmware for AC models before version 24120701. Vulnerability: Authenticated command injection in the filename of a .exe request that leads to remote code execution as the root user. Impact: Attacker gains full control over the charging station as root...
CVE-2024-43650 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root. This issue affects firmware versions before 24120701. Likelihood: Moderate – The binary does not seem to be used by the web...
CVE-2024-43655 Any authenticated user can execute OS commands as root using the <redacted>.sh CGI script.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The attacker will first need to find the name of the...
CVE-2024-43659 Plaintext default credentials in firmware
After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. The issue is addressed by requirin...
CVE-2024-43656
CVE-2024-43656 affects Iocharger firmware for AC model chargers prior to 24120701. The vulnerability arises from improper neutralization of special elements leading to OS command injection as root when a backup is manipulated and restored, allowing an attacker to create arbitrary files and ultima...