CVE-2020-8006
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
12/04/2024
Last modified:
04/11/2025
Description
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:circontrol:raption_server:*:*:*:*:*:*:*:* | | 5.11.2 (including) |
References to Advisories, Solutions, and Tools
- https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/
- https://seclists.org/fulldisclosure/2024/Mar/33
- http://seclists.org/fulldisclosure/2024/Mar/33



