In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 06:10
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.vde.com/en/advisories/VDE-2021-047 - Vendor Advisory |
11 May 2022, 17:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
References | (CONFIRM) https://cert.vde.com/en/advisories/VDE-2021-047 - Vendor Advisory | |
CPE | cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:* cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:* cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:* |
27 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-27 16:15
Updated : 2024-11-21 06:10
NVD link : CVE-2021-34602
Mitre link : CVE-2021-34602
CVE.ORG link : CVE-2021-34602
JSON object : View
Products Affected
bender
- cc612_firmware
- cc612
- cc613
- icc15xx_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')