Read Time:28 Second
Posted by Dariusz G on Mar 27
Circontrol EV Charger vulnerabilities.
1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)
The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.
When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function…