cve-2024-43661
Vulnerability from cvelistv5
Published
2025-01-09 07:56
Modified
2025-03-11 13:07
Severity ?
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I
Summary
The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI script. This binary or script will write this file path to <redacted>, which is then read by <redacted>.so This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – An attacker will have to find this exploit by either obtaining the binaries involved in this vulnerability, or by trial and error. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe CGI binary or <redacted>.sh script to trigger the vulnerability, or convince a user with such access send an HTTP request that triggers it. Impact: High – The <redacted> process, which we assume is responsible for OCPP communication, will keep crashing after performing the exploit. This happens because the buffer overflow causes the process to segfault before <redacted> is removed. This means that, even though <redacted> is automatically restarted, it will crash again as soon as it tries to parse the text file. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).
References
csirt@divd.nlhttps://csirt.divd.nl/CVE-2024-43661/
csirt@divd.nlhttps://csirt.divd.nl/DIVD-2024-00035/
csirt@divd.nlhttps://iocharger.com
Impacted products
Vendor Product Version
Iocharger Iocharger firmware for AC models Version: 0   < 24120701
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-43661",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-09T14:40:55.906992Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-09T14:41:21.642Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Iocharger firmware for AC models",
               vendor: "Iocharger",
               versions: [
                  {
                     lessThan: "24120701",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Wilco van Beijnum",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Harm van den Brink (DIVD)",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Frank Breedijk (DIVD)",
            },
         ],
         datePublic: "2025-01-09T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "The &lt;redacted&gt;.so library, which is used by &lt;redacted&gt;, is\nvulnerable to a buffer overflow in the code that handles the deletion\nof certificates. This buffer overflow can be triggered by providing a\nlong file path to the &lt;redacted&gt; action of the &lt;redacted&gt;.exe CGI binary or\nto the &lt;redacted&gt;.sh CGI script. This binary or script will write this\nfile path to &lt;redacted&gt;, which is then\nread by &lt;redacted&gt;.so\n<br><br>This issue affects Iocharger firmware for AC models before version 24120701.<br><br>Likelihood: Moderate – An attacker will have to find this exploit by\neither obtaining the binaries involved in this vulnerability, or by trial\nand error. Furthermore, the attacker will need a (low privilege)\naccount to gain access to the &lt;redacted&gt;.exe CGI binary or &lt;redacted&gt;.sh\nscript to trigger the vulnerability, or convince a user with such access\nsend an HTTP request that triggers it.\n<br><br>Impact: High – The &lt;redacted&gt; process, which we assume is\nresponsible for OCPP communication, will keep crashing after\nperforming the exploit. This happens because the buffer overflow\ncauses the process to segfault before\n&lt;redacted&gt; is removed. This means that,\neven though &lt;redacted&gt; is automatically restarted, it will crash\nagain as soon as it tries to parse the text file.<br><br>CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).<br>",
                  },
               ],
               value: "The <redacted>.so library, which is used by <redacted>, is\nvulnerable to a buffer overflow in the code that handles the deletion\nof certificates. This buffer overflow can be triggered by providing a\nlong file path to the <redacted> action of the <redacted>.exe CGI binary or\nto the <redacted>.sh CGI script. This binary or script will write this\nfile path to <redacted>, which is then\nread by <redacted>.so\n\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate – An attacker will have to find this exploit by\neither obtaining the binaries involved in this vulnerability, or by trial\nand error. Furthermore, the attacker will need a (low privilege)\naccount to gain access to the <redacted>.exe CGI binary or <redacted>.sh\nscript to trigger the vulnerability, or convince a user with such access\nsend an HTTP request that triggers it.\n\n\nImpact: High – The <redacted> process, which we assume is\nresponsible for OCPP communication, will keep crashing after\nperforming the exploit. This happens because the buffer overflow\ncauses the process to segfault before\n<redacted> is removed. This means that,\neven though <redacted> is automatically restarted, it will crash\nagain as soon as it tries to parse the text file.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-607",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-607 Obstruction",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "YES",
                  Recovery: "IRRECOVERABLE",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  privilegesRequired: "LOW",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "NONE",
                  vulnIntegrityImpact: "NONE",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121 Exploit Non-Production Interfaces",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-11T13:07:04.504Z",
            orgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
            shortName: "DIVD",
         },
         references: [
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/DIVD-2024-00035/",
            },
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/CVE-2024-43661/",
            },
            {
               tags: [
                  "product",
               ],
               url: "https://iocharger.com",
            },
         ],
         source: {
            advisory: "DIVD-2024-00035",
            discovery: "EXTERNAL",
         },
         title: "Buffer overflow in <redacted>.so leads to DoS of OCPP service",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
      assignerShortName: "DIVD",
      cveId: "CVE-2024-43661",
      datePublished: "2025-01-09T07:56:46.514Z",
      dateReserved: "2024-08-14T09:27:41.769Z",
      dateUpdated: "2025-03-11T13:07:04.504Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-43661\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-01-09T08:15:29.450\",\"lastModified\":\"2025-01-09T15:15:17.937\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The <redacted>.so library, which is used by <redacted>, is\\nvulnerable to a buffer overflow in the code that handles the deletion\\nof certificates. This buffer overflow can be triggered by providing a\\nlong file path to the <redacted> action of the <redacted>.exe CGI binary or\\nto the <redacted>.sh CGI script. This binary or script will write this\\nfile path to <redacted>, which is then\\nread by <redacted>.so\\n\\n\\nThis issue affects Iocharger firmware for AC models before version 24120701.\\n\\nLikelihood: Moderate – An attacker will have to find this exploit by\\neither obtaining the binaries involved in this vulnerability, or by trial\\nand error. Furthermore, the attacker will need a (low privilege)\\naccount to gain access to the <redacted>.exe CGI binary or <redacted>.sh\\nscript to trigger the vulnerability, or convince a user with such access\\nsend an HTTP request that triggers it.\\n\\n\\nImpact: High – The <redacted> process, which we assume is\\nresponsible for OCPP communication, will keep crashing after\\nperforming the exploit. This happens because the buffer overflow\\ncauses the process to segfault before\\n<redacted> is removed. This means that,\\neven though <redacted> is automatically restarted, it will crash\\nagain as soon as it tries to parse the text file.\\n\\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).\"},{\"lang\":\"es\",\"value\":\"La librería .so, que es utilizada por , es vulnerable a un desbordamiento de búfer en el código que gestiona la eliminación de certificados. Este desbordamiento de búfer se puede activar al proporcionar una ruta de archivo larga a la acción  del binario CGI .exe o al script CGI .sh. Este binario o script escribirá esta ruta de archivo en , que luego es leído por .so. Este problema afecta al firmware de Iocharger para modelos AC anteriores a la versión 24120701. Probabilidad: Moderada: un atacante tendrá que encontrar esta vulnerabilidad obteniendo los binarios involucrados en esta vulnerabilidad o por ensayo y error. Además, el atacante necesitará una cuenta (con poco nivel de privilegios) para obtener acceso al binario CGI .exe o al script .sh para activar la vulnerabilidad, o convencer a un usuario con dicho acceso de que envíe una solicitud HTTP que la active. Impacto: alto: el proceso , que suponemos que es responsable de la comunicación OCPP, seguirá fallando después de ejecutar el exploit. Esto sucede porque el desbordamiento del búfer hace que el proceso se segmente antes de que se elimine . Esto significa que, aunque  se reinicie automáticamente, se bloqueará nuevamente tan pronto como intente analizar el archivo de texto. Aclaración de CVSS. El ataque se puede ejecutar en cualquier conexión de red que la estación esté escuchando y sirva a la interfaz web (AV:N), y no hay ninguna medida de seguridad adicional en el lugar que deba eludirse (AC:L), el ataque no depende de condiciones previas (AT:N). El ataque requiere autenticación, pero el nivel de autenticación es irrelevante (PR:L), no requiere interacción del usuario (UI:N). El ataque conduce a una disponibilidad reducida del dispositivo (VC:N/VI:N/VA:H). No hay impacto en los sistemas posteriores. (SC:N/SI:N/SA:N). Aunque este dispositivo es un cargador de vehículos eléctricos que gestiona cantidades significativas de energía, no prevemos un impacto en la seguridad. El ataque puede automatizarse (AU:Y). Debido a que la condición de denegación de servicio se escribe en el disco de forma persistente, el usuario no puede recuperarla (R:I).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"YES\",\"recovery\":\"IRRECOVERABLE\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2024-43661/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2024-00035/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://iocharger.com\",\"source\":\"csirt@divd.nl\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43661\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-09T14:40:55.906992Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-09T14:41:16.492Z\"}}], \"cna\": {\"title\": \"Buffer overflow in <redacted>.so leads to DoS of OCPP service\", \"source\": {\"advisory\": \"DIVD-2024-00035\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wilco van Beijnum\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Harm van den Brink (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Frank Breedijk (DIVD)\"}], \"impacts\": [{\"capecId\": \"CAPEC-607\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-607 Obstruction\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"IRRECOVERABLE\", \"baseScore\": 7.1, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Iocharger\", \"product\": \"Iocharger firmware for AC models\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"24120701\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://csirt.divd.nl/DIVD-2024-00035/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://csirt.divd.nl/CVE-2024-43661/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://iocharger.com\", \"tags\": [\"product\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The <redacted>.so library, which is used by <redacted>, is\\nvulnerable to a buffer overflow in the code that handles the deletion\\nof certificates. This buffer overflow can be triggered by providing a\\nlong file path to the <redacted> action of the <redacted>.exe CGI binary or\\nto the <redacted>.sh CGI script. This binary or script will write this\\nfile path to <redacted>, which is then\\nread by <redacted>.so\\n\\n\\nThis issue affects Iocharger firmware for AC models before version 24120701.\\n\\nLikelihood: Moderate \\u2013 An attacker will have to find this exploit by\\neither obtaining the binaries involved in this vulnerability, or by trial\\nand error. Furthermore, the attacker will need a (low privilege)\\naccount to gain access to the <redacted>.exe CGI binary or <redacted>.sh\\nscript to trigger the vulnerability, or convince a user with such access\\nsend an HTTP request that triggers it.\\n\\n\\nImpact: High \\u2013 The <redacted> process, which we assume is\\nresponsible for OCPP communication, will keep crashing after\\nperforming the exploit. This happens because the buffer overflow\\ncauses the process to segfault before\\n<redacted> is removed. This means that,\\neven though <redacted> is automatically restarted, it will crash\\nagain as soon as it tries to parse the text file.\\n\\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The &lt;redacted&gt;.so library, which is used by &lt;redacted&gt;, is\\nvulnerable to a buffer overflow in the code that handles the deletion\\nof certificates. This buffer overflow can be triggered by providing a\\nlong file path to the &lt;redacted&gt; action of the &lt;redacted&gt;.exe CGI binary or\\nto the &lt;redacted&gt;.sh CGI script. This binary or script will write this\\nfile path to &lt;redacted&gt;, which is then\\nread by &lt;redacted&gt;.so\\n<br><br>This issue affects Iocharger firmware for AC models before version 24120701.<br><br>Likelihood: Moderate \\u2013 An attacker will have to find this exploit by\\neither obtaining the binaries involved in this vulnerability, or by trial\\nand error. Furthermore, the attacker will need a (low privilege)\\naccount to gain access to the &lt;redacted&gt;.exe CGI binary or &lt;redacted&gt;.sh\\nscript to trigger the vulnerability, or convince a user with such access\\nsend an HTTP request that triggers it.\\n<br><br>Impact: High \\u2013 The &lt;redacted&gt; process, which we assume is\\nresponsible for OCPP communication, will keep crashing after\\nperforming the exploit. This happens because the buffer overflow\\ncauses the process to segfault before\\n&lt;redacted&gt; is removed. This means that,\\neven though &lt;redacted&gt; is automatically restarted, it will crash\\nagain as soon as it tries to parse the text file.<br><br>CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).<br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Exploit Non-Production Interfaces\"}]}], \"providerMetadata\": {\"orgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"shortName\": \"DIVD\", \"dateUpdated\": \"2025-03-11T13:07:04.504Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-43661\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T13:07:04.504Z\", \"dateReserved\": \"2024-08-14T09:27:41.769Z\", \"assignerOrgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"datePublished\": \"2025-01-09T07:56:46.514Z\", \"assignerShortName\": \"DIVD\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.