Iocharger Command Injection Vulnerability in AC Models Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in Iocharger firmware for AC models prior to version 24120701. It allows authenticated users to inject commands through a specific parameter in a <redacted>.exe request, leading to remote code execution as the root user. The injection point is not a typical location for such vulnerabilities, so an attacker would likely need to reverse-engineer the firmware or experiment with various <redacted> fields to discover it. The attacker must also either hold a low-privilege account to access the <redacted> binary or persuade a user with the necessary privileges to execute a malicious payload.
Impact
Exploitation of this vulnerability gives the attacker full control over the affected charging station, with commands executing as the root user. This access allows for arbitrary modification, addition, or deletion of files and services on the device. Furthermore, a compromised charger can be used to access otherwise unreachable networks, potentially leading to safety risks due to the charger's high power capacity.
Reproduction
To reproduce this vulnerability, an authenticated user must send a request to the Iocharger device with a command injected into the filename parameter of a <redacted>.exe request. This can be done by exploiting the <redacted> action, using a low-privilege account to gain access to the vulnerable binary.
Remediation
Iocharger has released firmware update version 24120701 for all AC models, which addresses this vulnerability. For models requiring further updates, version 25010801 is available. Firmware can be obtained through Iocharger distributors or by contacting Iocharger directly.
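For developers of similar device web handlers, the following added example (not Iocharger's code or its fix) shows the defensive pattern against this bug class: allow-list the filename parameter and pass it to the helper as a single argument vector element, so no shell ever parses it. The names `is_safe_filename`, `run_helper` and `MAX_NAME` are hypothetical, and the allowed character set is an assumption to adapt to the device's real filenames.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_NAME 64 /* assumed upper bound for a legitimate filename */

/* Allow-list check: letters, digits, '.', '_' and '-' only. */
int is_safe_filename(const char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME)
        return 0;
    if (name[0] == '-' || name[0] == '.') /* no option-like or hidden names */
        return 0;
    if (strstr(name, "..") != NULL)        /* no parent-directory sequences */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0; /* rejects ; | & $ ` quotes, spaces, slashes, newlines */
    }
    return 1;
}

/* Runs the helper with the filename as one argv element (no system(), no
 * shell). Returns the helper's exit status, or -1 on rejection or failure. */
int run_helper(const char *helper_path, const char *filename)
{
    pid_t pid;
    int status;

    if (!is_safe_filename(filename))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, (char *)filename, NULL };
        execv(helper_path, argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Validation and the argument-vector call are independent layers: either one alone stops shell metacharacters in the filename from being interpreted, and keeping both covers a later change that reintroduces a shell.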
