ByteOS Network

Vulnerability Details :

CVE-2021-34602

Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c

Published At-27 Apr, 2022 | 15:15

Updated At-17 Sep, 2024 | 01:46

Bender Charge Controller: Long URL could lead to webserver crash

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:CERTVDE

Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c

Published At:27 Apr, 2022 | 15:15

Updated At:17 Sep, 2024 | 01:46

▼CVE Numbering Authority (CNA)

Bender Charge Controller: Long URL could lead to webserver crash

Affected Products

Vendor

Bender / ebee

Product

CC612

Versions

Affected

From 5.11.x before 5.11.2 (custom)
From 5.12.x before 5.12.5 (custom)
From 5.13.x before 5.13.2 (custom)
From 5.20.x before 5.20.2 (custom)

Vendor

Bender / ebee

Product

CC613

Versions

Affected

From 5.11.x before 5.11.2 (custom)
From 5.12.x before 5.12.5 (custom)
From 5.13.x before 5.13.2 (custom)
From 5.20.x before 5.20.2 (custom)

Vendor

Bender / ebee

Product

ICC15xx

Versions

Affected

From 5.11.x before 5.11.2 (custom)
From 5.12.x before 5.12.5 (custom)
From 5.13.x before 5.13.2 (custom)
From 5.20.x before 5.20.2 (custom)

Vendor

Bender / ebee

Product

ICC16xx

Versions

Affected

From 5.11.x before 5.11.2 (custom)
From 5.12.x before 5.12.5 (custom)
From 5.13.x before 5.13.2 (custom)
From 5.20.x before 5.20.2 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78 OS Command Injection

Type: CWE

CWE ID: CWE-78

Description: CWE-78 OS Command Injection

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Credits

Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE.

References

Hyperlink	Resource
https://cert.vde.com/en/advisories/VDE-2021-047	x_refsource_CONFIRM

Hyperlink: https://cert.vde.com/en/advisories/VDE-2021-047

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://cert.vde.com/en/advisories/VDE-2021-047	x_refsource_CONFIRM x_transferred

Hyperlink: https://cert.vde.com/en/advisories/VDE-2021-047

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:info@cert.vde.com

Published At:27 Apr, 2022 | 16:15

Updated At:11 May, 2022 | 17:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P