Iocharger AC Model Chargers Command Injection Vulnerability Allowing OS Command Execution as Root

Vulnerability

A command injection vulnerability has been identified in Iocharger firmware for AC model chargers, affecting versions prior to 24120701. This vulnerability allows authenticated users to execute operating system commands as the root user on the charging station. The issue arises from improper neutralization of special elements used in commands, enabling manipulation of backup files to include malicious CGI scripts that can be executed remotely. The vulnerability has a moderate likelihood of exploitation, as it requires knowledge of the file structure and access to upload modified backup files. However, once exploited, it grants full control over the charging station, with potential safety implications due to the high power involved.

Impact

Exploitation of this vulnerability leads to full remote code execution on the affected charging station, with the attacker gaining root privileges. This allows for arbitrary modification, addition, or deletion of files and services on the device. Furthermore, compromised chargers can be used to access restricted networks, and given the nature of the device, there are significant safety concerns.

Reproduction

To reproduce this vulnerability, an authenticated user must manipulate a settings backup file to include a new CGI script, and then restore the modified backup. This process may require knowledge of the file structure and the correct directory for the CGI script.

Remediation

Iocharger has released firmware version 24120701, which addresses this vulnerability. Firmware version 25010801, which additionally fixes three further vulnerabilities, is available to owners of Iocharger products through their distributor or by contacting Iocharger directly via email.
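The defensive control this class of bug calls for is an allowlist check of the backup archive before restore, so that an entry outside the expected configuration paths (such as a planted CGI script) is refused before it touches the filesystem. The following is an added illustration, not Iocharger's code: the real backup format is not described here, so the tar container, the allowed paths, the CGI directory and the function names are all assumptions.

```python
"""Allowlist validation of a settings backup before it is restored.

Added illustration, not Iocharger code: the tar format and the paths
below are assumptions, since the real backup format is not public.
"""
import io
import posixpath
import tarfile

# Hypothetical: the only paths a settings backup is expected to contain.
ALLOWED_PATHS = {"etc/charger/settings.conf", "etc/charger/network.conf"}


def validate_backup(data: bytes) -> list[str]:
    """Return reasons to reject the archive; an empty list means accept."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            norm = posixpath.normpath(member.name)
            # Refuse anything that would escape the restore directory.
            if norm.startswith("/") or norm.split("/")[0] == "..":
                problems.append(f"path traversal: {member.name}")
            # Exact-match allowlist: a CGI script is simply not a known path.
            elif norm not in ALLOWED_PATHS:
                problems.append(f"unexpected entry: {member.name}")
            # Config files are plain regular files without execute bits.
            elif not member.isfile():
                problems.append(f"non-regular file: {member.name}")
            elif member.mode & 0o111:
                problems.append(f"executable bit set: {member.name}")
    return problems


def build_backup(entries: dict[str, tuple[bytes, int]]) -> bytes:
    """Build a constructed sample archive from {path: (content, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, (content, mode) in entries.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            info.mode = mode
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed samples: a clean backup and one with a planted CGI entry.
CLEAN = build_backup({"etc/charger/settings.conf": (b"max_current=16\n", 0o644)})
TAMPERED = build_backup({
    "etc/charger/settings.conf": (b"max_current=16\n", 0o644),
    "www/cgi-bin/planted.cgi": (b"#!/bin/sh\n# placeholder\n", 0o755),
})
```

Calling `validate_backup(TAMPERED)` names the planted entry as the sole reason for rejection, while `validate_backup(CLEAN)` returns an empty list.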

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.6
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.