CVE-2024-43661
CVSS 3.1 Score 9.8 of 10 (critical)
Details
Summary
CVE-2024-43661: A buffer overflow vulnerability has been identified in the <redacted>.so library used by Iocharger firmware for AC models before version 24120701. The overflow occurs while handling certificate deletion and can be triggered by supplying an overly long file path to specific CGI binaries or scripts on the device. The result is repeated crashing of the <redacted> process, which disrupts OCPP communication.

The likelihood of exploitation is considered moderate: an attacker needs access to the vulnerable binaries or scripts, or must convince a user who has such access to carry out the attack. The impact is high, because the device's availability is significantly reduced by the process crashes. The vulnerability can be exploited remotely over any network connection that serves the web interface; no additional security measures need to be bypassed and no user interaction is required. Authentication is required, but the privilege level of the account is irrelevant. The attack can be automated, and once it has been executed a user cannot recover the device. No safety concerns were identified.
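The bug class described above, as an added example that is not code from the Iocharger firmware or the redacted library: a hypothetical certificate-deletion handler that builds a file path from a caller-controlled name, shown in the vulnerable form (unbounded copy into a fixed-size buffer) beside a hardened form that bounds the name, rejects path-like input and checks for truncation. The directory, buffer sizes, limits and function names are all assumptions for illustration.

```c
/* Added example: hypothetical reconstruction of the bug class, not the
 * firmware's or the redacted library's code. All names and sizes are assumed. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CERT_DIR      "/etc/ocpp/certs/"   /* assumed certificate directory */
#define CERT_PATH_MAX 128                  /* assumed fixed path buffer size */
#define CERT_NAME_MAX 64                   /* assumed policy limit on a name */

enum cert_status { CERT_OK = 0, CERT_NAME_TOO_LONG, CERT_BAD_NAME, CERT_PATH_TRUNCATED };

/* Constructed sample input: a 70-byte name, longer than CERT_NAME_MAX. */
static const char LONG_NAME[] =
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Vulnerable pattern: the name taken from a CGI parameter is formatted
 * into a fixed-size buffer with no bound. Any name longer than
 * CERT_PATH_MAX - strlen(CERT_DIR) - 1 bytes overruns `out`; that is the
 * "lengthy file path" crash the advisory describes. Only ever called with
 * short input here, since an actual overrun is undefined behaviour. */
void build_cert_path_unsafe(const char *name, char out[CERT_PATH_MAX])
{
    sprintf(out, "%s%s", CERT_DIR, name);   /* no length check */
}

/* Hardened form: bound the scan of the untrusted name, reject names that
 * could leave CERT_DIR, then use a bounded formatter and detect truncation. */
enum cert_status build_cert_path_safe(const char *name, char *out, size_t outsz)
{
    size_t n = 0;
    while (name[n] != '\0') {
        if (++n > CERT_NAME_MAX)
            return CERT_NAME_TOO_LONG;   /* stop scanning; already too long */
    }
    if (n == 0)
        return CERT_BAD_NAME;
    /* A certificate name must be a bare file name: no directory separators
     * and no ".." components, so the final path cannot escape CERT_DIR. */
    if (strchr(name, '/') || strchr(name, '\\') || strstr(name, ".."))
        return CERT_BAD_NAME;
    int w = snprintf(out, outsz, "%s%s", CERT_DIR, name);
    if (w < 0 || (size_t)w >= outsz)
        return CERT_PATH_TRUNCATED;      /* buffer intact, but path incomplete: refuse */
    return CERT_OK;
}

/* Convenience wrapper: validate a name against the real buffer size. */
enum cert_status check_name(const char *name)
{
    char path[CERT_PATH_MAX];
    return build_cert_path_safe(name, path, sizeof path);
}

/* The deletion itself, kept separate so the path logic is testable
 * without touching the file system. */
enum cert_status delete_cert(const char *name)
{
    char path[CERT_PATH_MAX];
    enum cert_status st = build_cert_path_safe(name, path, sizeof path);
    if (st != CERT_OK)
        return st;
    unlink(path);   /* a missing file is not treated as an error here */
    return CERT_OK;
}

int main(void)
{
    printf("benign name:  %d\n", check_name("client.pem"));        /* 0 = CERT_OK */
    printf("long name:    %d\n", check_name(LONG_NAME));           /* 1 = CERT_NAME_TOO_LONG */
    printf("traversal:    %d\n", check_name("../../etc/passwd"));  /* 2 = CERT_BAD_NAME */
    return 0;
}
```

The length check runs before any write, so an over-long name is rejected without the buffer ever being touched; the `snprintf` return-value check catches the separate case where a name passes the policy limit but the destination is smaller than expected, which a plain `snprintf` would silently truncate.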