Lucene search
+L

269 matches found

CVE
CVE
added 2022/03/21 10:38 a.m.67 views

CVE-2021-45877

CVE-2021-45877 affects multiple GARO Wallbox GLB/GTB/GTC versions; root cause is a hard-coded credential in /etc/tomcat8/tomcat-user.xml that allows attackers to gain authorized access and take full control of Tomcat on port 8000 (Tomcat manager page). The connected sources corroborate the impact...

9.8CVSS9.4AI score0.01082EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/21 10:27 a.m.25 views

CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...

10AI score0.01464EPSS
Exploits0References1
CVE
CVE
added 2022/03/21 10:27 a.m.87 views

CVE-2021-45876

The CVE-2021-45876 entry concerns GARO Wallbox GLB/GTB/GTC family devices. Root cause: unauthenticated command injection via the url parameter of the downloadAndUpdate function; unfiltered user input is used to generate code that executes during firmware download. Impact is described as high to c...

9.8CVSS9.7AI score0.01464EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.5 views

GARO Wallbox GLB/GTB/GTC 信任管理问题漏洞

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...

9.8CVSS8.4AI score0.01082EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.5 views

GARO Wallbox GLB/GTB/GTC 访问控制错误漏洞

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from incorrect access control on the software web manager page. An attacker could use this vulnerability to view and modify...

9.1CVSS8.3AI score0.01068EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.4 views

GARO Wallbox GLB/GTB/GTC 命令注入漏洞

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from the url parameter of the function module downloadAndUpdate being susceptible to command injection. Unfiltered user input...

9.8CVSS8.4AI score0.01464EPSS
Exploits0References2
OSV
OSV
added 2022/01/28 8:15 p.m.4 views

CVE-2021-22820

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...

9.8CVSS7.3AI score0.01084EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.33 views

CVE-2021-22821

A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

8.6CVSS0.00823EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.22 views

CVE-2021-22822

A CWE-79 Improper Neutralization of Input During Web Page Generation �Cross-site Scripting� vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...

6.1CVSS0.00562EPSS
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.1 views

CVE-2021-22822

A CWE-79 Improper Neutralization of Input During Web Page Generation �Cross-site Scripting� vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.3 views

CVE-2021-22821

A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

8.6CVSS5.8AI score0.00823EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.27 views

CVE-2021-22818

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...

7.5CVSS0.01005EPSS
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.3 views

CVE-2021-22818

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...

7.5CVSS7.1AI score0.01005EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.17 views

CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

4.3CVSS0.00651EPSS
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.4 views

CVE-2021-22725

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8CVSS5.8AI score0.00468EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.22 views

CVE-2021-22725

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8CVSS0.00468EPSS
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.7 views

CVE-2021-22724

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8CVSS5.8AI score0.00468EPSS
Exploits0References1
Prion
Prion
added 2022/01/28 8:15 p.m.27 views

Authentication flaw

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...

5CVSS7.6AI score0.01005EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.16 views

Cross site scripting

A CWE-79 Improper Neutralization of Input During Web Page Generation ?Cross-site Scripting? vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...

4.3CVSS6.2AI score0.00562EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.20 views

Input validation

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

4.3CVSS4.7AI score0.00651EPSS
Exploits0References1Affected Software6
Rows per page
Query Builder