Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5684

Summary
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-06 Jun, 2024 | 12:54
Updated At-01 Aug, 2024 | 21:18
Rejected At-
Credits

ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASRG
Assigner Org ID:c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At:06 Jun, 2024 | 12:54
Updated At:01 Aug, 2024 | 21:18
Rejected At:
▼CVE Numbering Authority (CNA)
ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.

Affected Products
Vendor
Volkswagen Group Charging GmbH - Elli, EVBox
Product
ID Charger Connect & Pro
Default Status
unaffected
Versions
Affected
  • SPR3.2B
  • SPR3.51
  • SPR3.52
Problem Types
TypeCWE IDDescription
CWECWE-345CWE-345 Insufficient Verification of Data Authenticity
Type: CWE
CWE ID: CWE-345
Description: CWE-345 Insufficient Verification of Data Authenticity
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Anna Breeva (PCAutomotive)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/
N/A
Hyperlink: https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
volkswagen_group_charging_gmbh_elli_evbox
Product
id_charger_connect_and_pro
CPEs
  • cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • spr3.2b
Vendor
volkswagen_group_charging_gmbh_elli_evbox
Product
id_charger_connect_and_pro
CPEs
  • cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • spr3.51
Vendor
volkswagen_group_charging_gmbh_elli_evbox
Product
id_charger_connect_and_pro
CPEs
  • cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • spr3.52
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/
x_transferred
Hyperlink: https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@asrg.io
Published At:06 Jun, 2024 | 13:15
Updated At:11 Jun, 2024 | 18:13

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
vw
vw
>>id.charger_connect_firmware>>spr3.2
cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*
vw
vw
>>id.charger_connect_firmware>>spr3.51
cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*
vw
vw
>>id.charger_connect_firmware>>spr3.52
cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*
vw
vw
>>id.charger_connect>>-
cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*
vw
vw
>>id.charger_pro_firmware>>spr3.2
cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*
vw
vw
>>id.charger_pro_firmware>>spr3.51
cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*
vw
vw
>>id.charger_pro_firmware>>spr3.52
cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*
vw
vw
>>id.charger_pro>>-
cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-345Primarynvd@nist.gov
CWE-345Secondarycve@asrg.io
CWE ID: CWE-345
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-345
Type: Secondary
Source: cve@asrg.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/cve@asrg.io
Third Party Advisory
Hyperlink: https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/
Source: cve@asrg.io
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2023-27360
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.23%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-346
Origin Validation Error
CVE-2022-22994
Matching Score-4
Assigner-Western Digital
ShareView Details
Matching Score-4
Assigner-Western Digital
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:35
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices.

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.

Action-Not Available
Vendor-Western Digital Corp.
Product-my_cloud_dl2100wd_cloudmy_cloudmy_cloud_ex4100my_cloud_ex2_ultramy_cloud_osmy_cloud_mirror_gen_2my_cloud_pr2100my_cloud_dl4100my_cloud_ex2100my_cloud_pr4100My Cloud
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
Details not found