An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
References
Link | Resource |
---|---|
https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life | Exploit |
https://www.exploit-db.com/exploits/45384/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-18T20:00:00
Updated: 2018-10-04T19:57:01
Reserved: 2018-09-07T00:00:00
Link: CVE-2018-16669
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-18T20:29:01.030
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-16669
JSON object: View
Redhat Information
No data.
CWE