CVE-2024-11666
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 24, 2024
Updated: Dec 3, 2024
CWE ID 345
Summary
CVE-2024-11666 is a vulnerability affecting cph2_echarge_firmware versions through 2.0.4. The issue allows unauthenticated attackers, positioned between an EV charger controller and eCharge infrastructure, to establish insecure communication and execute arbitrary commands with elevated privileges on targeted devices due to peer verification being disabled. This can lead to significant security risks and potential exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- eCharge Hardy Barth