📦 Charx Sec 3100 Firmware
by Phoenix Contact
⚠️ Known Vulnerabilities
This critical vulnerability allows unauthenticated remote attackers to modify device configurations, potentially leading to remote code execution with root privileges. It affects systems with specific...
CVE-2024-25995 allows unauthenticated remote attackers to execute arbitrary code with root privileges or cause denial of service by exploiting improper input validation in configuration modification. ...
This vulnerability allows a local attacker with SSH access to escalate privileges to root by exploiting improper input validation in a vulnerable script. Systems with local user accounts and the vulne...
This vulnerability allows an unauthenticated attacker on the same network to modify system configuration through a specific API endpoint, granting them read and write access. It affects systems with t...
An unauthenticated remote attacker can send malicious MQTT messages to trigger buffer overflow vulnerabilities in charging stations compliant with German Calibration Law (Eichrecht). This allows attac...
An unauthenticated attacker on the local network can exploit the firmware update feature to reset the password for the low-privileged 'user-app' account to its default value. This affects devices with...
A local attacker with low privileges can exploit a command injection vulnerability in the OCPP Remote service to execute arbitrary commands and gain root privileges due to improper input validation. T...
This vulnerability allows a local low-privileged attacker to exploit an untrusted search path in a CHARX system utility to escalate privileges to root. It affects systems running vulnerable versions o...
CVE-2024-26003 is an out-of-bounds read vulnerability in a charging system control agent that allows unauthenticated remote attackers to cause a denial-of-service condition. This can disrupt charging ...
This vulnerability allows unauthenticated remote attackers to perform man-in-the-middle attacks due to lack of encryption for sensitive data in affected charging systems. While charging functionality ...
CVE-2024-25998 allows unauthenticated remote attackers to execute arbitrary commands on OCPP (Open Charge Point Protocol) services due to improper input validation. This affects electric vehicle charg...
This vulnerability allows unauthenticated remote attackers to write memory out of bounds via improper input validation in the MQTT stack. It affects systems using vulnerable MQTT implementations, pote...
A command injection vulnerability in the API allows low-privileged remote attackers to execute arbitrary code as the user-app user due to improper input validation. This affects systems running vulner...