269 matches found
CVE-2021-45877
CVE-2021-45877 affects multiple GARO Wallbox GLB/GTB/GTC versions; root cause is a hard-coded credential in /etc/tomcat8/tomcat-user.xml that allows attackers to gain authorized access and take full control of Tomcat on port 8000 (Tomcat manager page). The connected sources corroborate the impact...
CVE-2021-45876
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...
CVE-2021-45876
The CVE-2021-45876 entry concerns GARO Wallbox GLB/GTB/GTC family devices. Root cause: unauthenticated command injection via the url parameter of the downloadAndUpdate function; unfiltered user input is used to generate code that executes during firmware download. Impact is described as high to c...
GARO Wallbox GLB/GTB/GTC 信任管理问题漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...
GARO Wallbox GLB/GTB/GTC 访问控制错误漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from incorrect access control on the software web manager page. An attacker could use this vulnerability to view and modify...
GARO Wallbox GLB/GTB/GTC 命令注入漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from the url parameter of the function module downloadAndUpdate being susceptible to command injection. Unfiltered user input...
CVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...
CVE-2021-22821
A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
CVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation �Cross-site Scripting� vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...
CVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation �Cross-site Scripting� vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...
CVE-2021-22821
A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
CVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...
CVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...
CVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
CVE-2021-22725
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
CVE-2021-22725
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
CVE-2021-22724
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
Authentication flaw
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...
Cross site scripting
A CWE-79 Improper Neutralization of Input During Web Page Generation ?Cross-site Scripting? vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...
Input validation
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...