HomePentest-Tools.com Logo

EVlink City < R8 V3.4.0.1 - Authentication Bypass CVE-2021-22707

Severity
CVSSv3 Score
9.8
Vulnerability description

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n

Risk description

No risk description to display.

Recommendation

Upgrade to EVlink City R8 V3.4.0.1 or later to fix the authentication bypass vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Jul 21, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available