Bender Icc15xx_firmware
8 CVEs affecting Bender Icc15xx_firmware. Latest disclosed: 2022-04-27. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-34601 | Critical | 9.8 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone… |
| CVE-2021-34602 | High | 8.8 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands i… |
| CVE-2021-34592 | High | 8.8 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands i… |
| CVE-2021-34588 | High | 8.6 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at use… |
| CVE-2021-34591 | High | 7.8 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid ap… |
| CVE-2021-34589 | High | 7.5 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the… |
| CVE-2021-34590 | Medium | 5.4 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration va… |
| CVE-2021-34587 | Medium | 5.3 | 2022-04-27 | In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. |