CVE-2021-45419

8.8 HIGH

📋 TL;DR

This CVE describes an improper input validation vulnerability in Starcharge Nova 360 Cabinet and Titan 180 Premium charging stations. Attackers can exploit this flaw to potentially execute arbitrary code or cause denial of service by sending specially crafted input. Organizations using these specific Starcharge charging station models are affected.

💻 Affected Systems

Products:
  • Starcharge Nova 360 Cabinet
  • Starcharge Titan 180 Premium
Versions: Nova 360 Cabinet <= 1.3.0.0.7b102, Titan 180 Premium <= 1.3.0.0.6
Operating Systems: Embedded systems in charging stations
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution allowing attackers to take full control of the charging station, potentially compromising connected vehicles or using the device as a foothold into the network.

🟠 Likely Case

Denial of service attacks that could disable charging functionality, potentially disrupting electric vehicle operations.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation controls in place, potentially only causing minor service disruptions.

🌐 Internet-Facing: HIGH - Charging stations are often deployed in public locations with internet connectivity, making them accessible to attackers.
🏢 Internal Only: MEDIUM - Internal network access still poses risk, but attack surface is reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists on GitHub. The vulnerability requires no authentication and has low exploitation complexity, making it attractive to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Nova 360 Cabinet: Beta1.3.0.1.0 or later, Titan 180 Premium: 1.3.0.0.9 or later

Vendor Advisory: http://starcharge.com

Restart Required: Yes

Instructions:

1. Contact Starcharge support for firmware updates.
2. Download the appropriate firmware for your model.
3. Apply firmware update following manufacturer instructions.
4. Restart the charging station to complete installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate charging stations from critical network segments and restrict inbound connections.

Input Validation Proxy

all

Deploy a reverse proxy with strict input validation rules to filter malicious requests.

🧯 If You Can't Patch

  • Segment charging stations on isolated VLANs with strict firewall rules
  • Implement network monitoring and intrusion detection for charging station traffic

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device management interface or console. Compare against affected version ranges.

Check Version:

Check device management interface or use manufacturer-specific CLI commands (varies by model)

Verify Fix Applied:

Verify firmware version is at or above the fixed versions: Nova 360 Cabinet >= Beta1.3.0.1.0, Titan 180 Premium >= 1.3.0.0.9
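
The version comparison described above can be scripted across a station inventory. The following is an added example, not vendor or advisory code; it assumes that a leading "Beta" label does not affect ordering and that a trailing "b<N>" is a build number, and it reports "unknown" for versions that fall between the last affected and first fixed release, where this advisory makes no statement.

```python
import re

# (last affected, first fixed) per model, copied from this advisory.
BOUNDS = {
    "Nova 360 Cabinet": ("1.3.0.0.7b102", "Beta1.3.0.1.0"),
    "Titan 180 Premium": ("1.3.0.0.6", "1.3.0.0.9"),
}
_VERSION_RE = re.compile(r"^(?:beta)?\s*(\d+(?:\.\d+)*)(?:b(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '1.3.0.0.7b102' or 'Beta1.3.0.1.0' into a comparable tuple.

    Assumptions (not vendor-documented): a leading 'Beta' label does not
    affect ordering, and a trailing 'b<N>' is a build number.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    while numbers and numbers[-1] == 0:  # so 1.3.0.1.0 == 1.3.0.1
        numbers.pop()
    return tuple(numbers), int(match.group(2) or 0)


def assess(model, installed):
    """Return 'vulnerable', 'fixed' or 'unknown' for one station."""
    if model not in BOUNDS:
        return "unknown"  # model not covered by this advisory
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown"  # unparseable string: check the device by hand
    last_affected, first_fixed = (parse_version(v) for v in BOUNDS[model])
    if current <= last_affected:
        return "vulnerable"
    if current >= first_fixed:
        return "fixed"
    return "unknown"  # between the bounds the advisory makes no statement


if __name__ == "__main__":
    # Constructed inventory for illustration, not real device data.
    inventory = [
        ("Nova 360 Cabinet", "1.3.0.0.7b102"),
        ("Nova 360 Cabinet", "Beta1.3.0.1.0"),
        ("Titan 180 Premium", "1.3.0.0.8"),
    ]
    for model, version in inventory:
        print(f"{model:<18} {version:<15} {assess(model, version)}")
```

Treat every "unknown" result as unpatched until the firmware version has been confirmed with the vendor.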

📡 Detection & Monitoring

Log Indicators:

  • Unusual input patterns in charging station logs
  • Multiple failed connection attempts
  • Unexpected firmware modification attempts

Network Indicators:

  • Unusual traffic patterns to/from charging stations
  • Malformed packets targeting charging station ports

SIEM Query:

source="charging_station" AND (event_type="input_error" OR event_type="firmware_modification")
