Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection: unfiltered user input is used to generate code, which is then executed when downloading new firmware.
References
| Link | Resource |
|---|---|
| https://github.com/delikely/advisory/tree/main/GARO | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-21T10:27:40
Updated: 2022-03-21T10:27:40
Reserved: 2021-12-27T00:00:00
Link: CVE-2021-45876
NVD Information
Status: Analyzed
Published: 2022-03-21T11:15:10.620
Modified: 2022-03-28T17:04:59.407
Link: CVE-2021-45876
Redhat Information
No data.
CWE