CVE-2025-52264
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on StarCharge Artemis AC Chargers by exploiting a stack overflow in the download.cgi component. Attackers can potentially take full control of affected charging stations. This affects all users of StarCharge Artemis AC Charger 7-22 kW version 1.0.4.
💻 Affected Systems
- StarCharge Artemis AC Charger 7-22 kW
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the charging station allowing attackers to disable charging, manipulate billing data, or use the device as a foothold into connected networks.
Likely Case
Remote code execution leading to service disruption, data theft, or unauthorized access to the charging management system.
If Mitigated
Limited impact if the device is behind proper network segmentation and access controls, though the vulnerability remains exploitable.
🎯 Exploit Status
The vulnerability is in a CGI script which typically runs with web server privileges, making exploitation straightforward once the overflow is triggered.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: Yes
Instructions:
1. Contact StarCharge support for patch availability. 2. If patch is available, download from official vendor portal. 3. Apply patch following vendor instructions. 4. Restart the charging station.
🔧 Temporary Workarounds
Network Access Restriction
linuxBlock external access to the charging station's web interface
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
CGI Script Disable
linuxDisable or remove the vulnerable download.cgi script
mv /path/to/download.cgi /path/to/download.cgi.disabled
🧯 If You Can't Patch
- Isolate charging stations on a separate VLAN with strict firewall rules
- Implement network monitoring for unusual traffic patterns to/from charging stations
🔍 How to Verify
Check if Vulnerable:
Check web interface version at http://<charger-ip>/status or similar endpointCheck Version:
curl -s http://<charger-ip>/version | grep -i versionVerify Fix Applied:
Verify version is no longer 1.0.4 and test download.cgi endpoint is no longer accessible📡 Detection & Monitoring
Log Indicators:
- Multiple large POST requests to download.cgi
- Unusual process execution from web server user
Network Indicators:
- HTTP requests with oversized parameters to download.cgi
- Unexpected outbound connections from charging station
SIEM Query:
source="web_logs" AND uri="/download.cgi" AND (bytes_sent>10000 OR status_code=500)