{"vulnerability": "CVE-2024-43660", "sightings": [{"uuid": "61da2c5b-f852-4f86-baec-5c2293c51b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43660", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113797527961406275", "content": "", "creation_timestamp": "2025-01-09T08:47:55.626147Z"}, {"uuid": "15a59144-5ffa-496d-a851-031e8dbf6aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43660", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113799007314543960", "content": "", "creation_timestamp": "2025-01-09T15:04:09.089680Z"}, {"uuid": "4ed194f5-586b-4a2c-8e7e-fd11d41f411e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43660", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfcagvjtvx27", "content": "", "creation_timestamp": "2025-01-09T08:16:52.930354Z"}, {"uuid": "5eea19e4-bfd3-4d14-9a80-0804a6b8ed9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43660", "type": "seen", "source": "https://t.me/cvedetector/14805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43660 - Iocharger CGI File Read/Download Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43660 \nPublished : Jan. 9, 2025, 8:15 a.m. | 40\u00a0minutes ago \nDescription : The CGI script .sh can be used to download any file on the filesystem.  \n  \nThis issue affects Iocharger firmware for AC model chargers before version 24120701.  \n  \nLikelihood: High, but credentials required.  
\n  \nImpact: Critical \u2013 The script can be used to download any file on the filesystem, including sensitive files such as /etc/shadow, the CGI script source code or binaries and configuration files.  \n  \nCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y  \nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measures in place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The confidentiality of all files of the device can be compromised (VC:H/VI:N/VA:N).  There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handling significant amounts of power, this attack in isolation does not have a safety impact. The attack can be automated (AU:Y). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T10:13:47.000000Z"}]}