CVE-2024-5684
📋 TL;DR
This vulnerability allows attackers on the same network as affected EV chargers to bypass password authentication on the web configuration interface by exploiting a JWT library misconfiguration that accepts 'none' algorithms. Attackers gain user-level access but not admin/developer privileges. Affected systems are Volkswagen Group Charging GmbH Elli EVBox ID Charger Connect and Pro chargers.
💻 Affected Systems
- Volkswagen Group Charging GmbH Elli EVBox ID Charger Connect
- Volkswagen Group Charging GmbH Elli EVBox ID Charger Pro
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains unauthorized user-level access to charger configuration, potentially enabling manipulation of charging settings, user data access, or facilitating further attacks.
Likely Case
Local network attacker bypasses authentication to access charger web interface with standard user permissions.
If Mitigated
With proper network segmentation and access controls, impact is limited to isolated charging network segments.
🎯 Exploit Status
Exploitation requires network access to the charger interface and crafting JWT tokens that use the 'none' algorithm.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Restart Required: Yes
Instructions:
1. Contact Volkswagen Group Charging GmbH/Elli for patched firmware.
2. Backup charger configuration.
3. Apply firmware update via management interface.
4. Verify JWT library configuration rejects 'none' algorithm.
🔧 Temporary Workarounds
Network Segmentation
Isolate charger network from general corporate/guest networks
Access Control Lists
Restrict network access to charger management interfaces
🧯 If You Can't Patch
- Implement strict network segmentation to isolate chargers from untrusted networks
- Deploy network monitoring for unauthorized authentication attempts to charger interfaces
🔍 How to Verify
Check if Vulnerable:
Test JWT authentication by sending tokens with 'none' algorithm to charger web interface
Check Version:
Check firmware version via charger web interface or management console
Verify Fix Applied:
Verify JWT library rejects tokens with 'none' algorithm and requires valid signatures
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful access
- JWT validation errors in application logs
Network Indicators:
- Unusual authentication requests to charger management interface
- JWT tokens with 'none' algorithm in HTTP traffic
SIEM Query:
source="charger_logs" AND (event="authentication_bypass" OR jwt_algorithm="none")
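Added example (not from the vendor advisory or the charger firmware): a Python check for the network indicator above, flagging bearer tokens whose header declares the 'none' algorithm in any letter case, or that carry an empty signature. It assumes tokens travel in an Authorization: Bearer header; the function names and the sample lines are constructed for illustration.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding is optional in JWTs) to JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_jwt(token):
    """Return a finding string for a suspicious token, or None if not flagged."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return "malformed: expected 3 dot-separated segments"
    try:
        header = _b64url_json(parts[0])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "malformed: header is not base64url JSON"
    if not isinstance(header, dict):
        return "malformed: header is not a JSON object"
    alg = str(header.get("alg", ""))
    if alg.lower() == "none":  # catches None, NONE, nOnE, ...
        return "unsigned token: alg=%r" % alg
    if parts[2] == "":
        return "empty signature with alg=%r" % alg
    return None

def scan_http_lines(lines):
    """Return (line_number, finding) for each flagged Authorization header."""
    findings = []
    for number, line in enumerate(lines, 1):
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        finding = inspect_jwt(token) if scheme.lower() == "bearer" else None
        if finding:
            findings.append((number, finding))
    return findings

def _enc(obj):
    """Helper used only to build the constructed sample tokens below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample capture: one signed-looking token, one alg=none token.
SAMPLE = [
    "GET /status HTTP/1.1",
    "Authorization: Bearer %s.%s.c2lnbmF0dXJl" % (_enc({"alg": "HS256"}), _enc({"sub": "user"})),
    "Authorization: Bearer %s.%s." % (_enc({"alg": "nOnE"}), _enc({"sub": "user"})),
]

if __name__ == "__main__":
    print(scan_http_lines(SAMPLE))
```

A hit only shows that such a token was sent; whether the charger accepted it has to be confirmed from the response or the device logs.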
🔗 References
- https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/