CVE-2024-43652
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 9, 2025
CWE ID 78
CWE ID 250
Summary
CVE-2024-43652 is a command injection vulnerability affecting Iocharger firmware for AC model chargers prior to version 24120701. It allows an attacker with a low-privilege account, or through user manipulation, to execute OS commands as the root user. The impact is critical, as the attacker can arbitrarily modify or delete files and manipulate services on the charging station. The binary responsible for this vulnerability, <redacted>, does not seem to be directly used by the web interface, but has the potential to pose a significant risk if accessed.