CVE-2024-11666

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 24, 2024
Updated: Dec 3, 2024
CWE ID 345

Summary

CVE-2024-11666 is a vulnerability affecting cph2_echarge_firmware versions through 2.0.4. The issue allows unauthenticated attackers, positioned between an EV charger controller and eCharge infrastructure, to establish insecure communication and execute arbitrary commands with elevated privileges on targeted devices due to peer verification being disabled. This can lead to significant security risks and potential exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share