Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-43661

Severity CVSS v4.0:
HIGH
Type:
CWE-121 Stack-based Buffer Overflow
Publication date:
09/01/2025
Last modified:
09/01/2025

Description

The .so library, which is used by , is<br /> vulnerable to a buffer overflow in the code that handles the deletion<br /> of certificates. This buffer overflow can be triggered by providing a<br /> long file path to the action of the .exe CGI binary or<br /> to the .sh CGI script. This binary or script will write this<br /> file path to , which is then<br /> read by .so<br /> <br /> <br /> This issue affects Iocharger firmware for AC models before version 24120701.<br /> <br /> Likelihood: Moderate – An attacker will have to find this exploit by<br /> either obtaining the binaries involved in this vulnerability, or by trial<br /> and error. Furthermore, the attacker will need a (low privilege)<br /> account to gain access to the .exe CGI binary or .sh<br /> script to trigger the vulnerability, or convince a user with such access<br /> send an HTTP request that triggers it.<br /> <br /> <br /> Impact: High – The process, which we assume is<br /> responsible for OCPP communication, will keep crashing after<br /> performing the exploit. This happens because the buffer overflow<br /> causes the process to segfault before<br /> is removed. This means that,<br /> even though is automatically restarted, it will crash<br /> again as soon as it tries to parse the text file.<br /> <br /> CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).

Impact

Vector 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I CVSS v4.0 Severity and Metrics:

Base Score: 7.10 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): None
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Automatable (AU): Yes
Recovery (R): Irrecoverable

Base Score 4.0
7.10
Severity 4.0
HIGH
Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
9.80
Severity 3.x
CRITICAL

References to Advisories, Solutions, and Tools