"value":"Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user.\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate \u2013 This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification:\u00a0This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \"pivot\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y)."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId":"CWE-78"
}
]
},
{
"description":[
{
"lang":"eng",
"value":"CWE-250: Execution with Unnecessary Privileges",
"cweId":"CWE-250"
}
]
},
{
"description":[
{
"lang":"eng",
"value":"OWASP-A03: Injection"
}
]
}
]
},
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Iocharger",
"product":{
"product_data":[
{
"product_name":"Iocharger firmware for AC models",
