CVE-2024-43658
Vulnerability from cvelistv5
Published
2025-01-09 07:56
Modified
2025-03-11 13:07
Severity ?
7.2 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y
Summary
Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).
References
csirt@divd.nlhttps://csirt.divd.nl/CVE-2024-43658/
csirt@divd.nlhttps://csirt.divd.nl/DIVD-2024-00035/
csirt@divd.nlhttps://iocharger.com
Impacted products
Vendor Product Version
Iocharger Iocharger firmware for AC models Version: 0   < 25010801
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-43658",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-09T15:21:29.851527Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-09T15:22:45.477Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Iocharger firmware for AC models",
               vendor: "Iocharger",
               versions: [
                  {
                     lessThan: "25010801",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Wilco van Beijnum",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Harm van den Brink (DIVD)",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Frank Breedijk (DIVD)",
            },
         ],
         datePublic: "2025-01-09T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Patch traversal, External Control of File Name or Path vulnerability in  Iocharger Home allows deletion of arbitrary files<br>This issue affects Iocharger firmware for AC model before firmware version 25010801.<br><br>Likelihood: High, but requires authentication<br><br>Impact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.<br><br>CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (V<span style=\"background-color: rgb(255, 255, 255);\">VC:N/VI:H/VA:H</span>), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).<br>",
                  },
               ],
               value: "Patch traversal, External Control of File Name or Path vulnerability in  Iocharger Home allows deletion of arbitrary files\nThis issue affects Iocharger firmware for AC model before firmware version 25010801.\n\nLikelihood: High, but requires authentication\n\nImpact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-165",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-165 File Manipulation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "YES",
                  Recovery: "NOT_DEFINED",
                  Safety: "NEGLIGIBLE",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  privilegesRequired: "LOW",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "NONE",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-27",
                     description: "CWE-27 Patch traversal",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-73",
                     description: "CWE-73 External Control of File Name or Path",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-11T13:07:08.000Z",
            orgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
            shortName: "DIVD",
         },
         references: [
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/DIVD-2024-00035/",
            },
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/CVE-2024-43658/",
            },
            {
               tags: [
                  "product",
               ],
               url: "https://iocharger.com",
            },
         ],
         source: {
            advisory: "DIVD-2024-00035",
            discovery: "EXTERNAL",
         },
         title: "Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal.",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
      assignerShortName: "DIVD",
      cveId: "CVE-2024-43658",
      datePublished: "2025-01-09T07:56:47.273Z",
      dateReserved: "2024-08-14T09:27:41.769Z",
      dateUpdated: "2025-03-11T13:07:08.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-43658\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-01-09T08:15:28.867\",\"lastModified\":\"2025-01-09T08:15:28.867\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Patch traversal, External Control of File Name or Path vulnerability in  Iocharger Home allows deletion of arbitrary files\\nThis issue affects Iocharger firmware for AC model before firmware version 25010801.\\n\\nLikelihood: High, but requires authentication\\n\\nImpact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.\\n\\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).\"},{\"lang\":\"es\",\"value\":\"Patch traversal, vulnerabilidad de control externo de nombre de archivo o ruta en Iocharger Home permite la eliminación de archivos arbitrarios Este problema afecta al firmware de Iocharger para el modelo AC anterior a la versión de firmware 25010801. Probabilidad: Alta, pero requiere autenticación Impacto: Crítico: la vulnerabilidad se puede utilizar para eliminar cualquier archivo en la estación de carga, lo que afecta gravemente la integridad de la estación de carga. Además, la vulnerabilidad se podría utilizar para eliminar binarios necesarios para el funcionamiento de la estación de carga, lo que afecta gravemente la disponibilidad de la estación de carga. Aclaración de CVSS: cualquier interfaz de red que sirva a la interfaz de usuario web es vulnerable (AV:N) y no hay medidas de seguridad adicionales para eludir (AC:L), ni el ataque requiere condiciones previas existentes (AT:N). El ataque está autenticado, pero el nivel de autenticación no importa (PR:L), ni se requiere ninguna interacción del usuario (UI:N). El ataque compromete la integridad y disponibilidad del dispositivo (VVC:N/VI:H/VA:H), sin efectos en los sistemas posteriores (SC:N/SI:N/SA:N). No se prevén efectos de seguridad (S:N). Este ataque puede automatizarse (AU:Y).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NEGLIGIBLE\",\"automatable\":\"YES\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-27\"},{\"lang\":\"en\",\"value\":\"CWE-73\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2024-43658/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2024-00035/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://iocharger.com\",\"source\":\"csirt@divd.nl\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43658\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-09T15:21:29.851527Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-09T15:22:36.122Z\"}}], \"cna\": {\"title\": \"Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal.\", \"source\": {\"advisory\": \"DIVD-2024-00035\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wilco van Beijnum\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Harm van den Brink (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Frank Breedijk (DIVD)\"}], \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.2, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Iocharger\", \"product\": \"Iocharger firmware for AC models\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"25010801\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://csirt.divd.nl/DIVD-2024-00035/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://csirt.divd.nl/CVE-2024-43658/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://iocharger.com\", \"tags\": [\"product\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Patch traversal, External Control of File Name or Path vulnerability in  Iocharger Home allows deletion of arbitrary files\\nThis issue affects Iocharger firmware for AC model before firmware version 25010801.\\n\\nLikelihood: High, but requires authentication\\n\\nImpact: Critical \\u2013 The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.\\n\\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Patch traversal, External Control of File Name or Path vulnerability in  Iocharger Home allows deletion of arbitrary files<br>This issue affects Iocharger firmware for AC model before firmware version 25010801.<br><br>Likelihood: High, but requires authentication<br><br>Impact: Critical \\u2013 The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.<br><br>CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (V<span style=\\\"background-color: rgb(255, 255, 255);\\\">VC:N/VI:H/VA:H</span>), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y).<br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-27\", \"description\": \"CWE-27 Patch traversal\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73 External Control of File Name or Path\"}]}], \"providerMetadata\": {\"orgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"shortName\": \"DIVD\", \"dateUpdated\": \"2025-03-11T13:07:08.000Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-43658\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T13:07:08.000Z\", \"dateReserved\": \"2024-08-14T09:27:41.769Z\", \"assignerOrgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"datePublished\": \"2025-01-09T07:56:47.273Z\", \"assignerShortName\": \"DIVD\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.