Iocharger AC Models Path Traversal Vulnerability Allowing Arbitrary File Deletion
Vulnerability
A path traversal vulnerability has been identified in Iocharger Home firmware for AC models, prior to version 25010801. This vulnerability allows authenticated users to delete arbitrary files on the charging station, which could disrupt the integrity and availability of the device. Exploitation of this vulnerability could also remove essential binaries, further affecting the charging station's functionality.
Impact
Exploitation of this vulnerability can lead to the deletion of any file on the charging station, severely disrupting its operation. This includes the potential removal of critical binaries required for the charging station's functionality, causing significant downtime.
Reproduction
The vulnerability can be reproduced by using the <redacted> action or <redacted>.sh script to perform directory traversal, allowing for the deletion of arbitrary files and directories on the device.
Remediation
Iocharger has released firmware version 25010801, which addresses this vulnerability. The firmware is available through Iocharger distributors. Users who are not contacted by a distributor can reach out to Iocharger directly via email for the update.
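The advisory does not describe how the firmware fix works. As an added illustration of the general defense against this bug class (not Iocharger's code; the function name, variable names and return codes are assumptions), a delete helper can resolve the requested path first and refuse anything that lands outside the one directory it is meant to manage:

```shell
#!/bin/sh
# Added example, not vendor code: delete a file only if it resolves inside an
# allowed directory. Names and return codes here are hypothetical.
# Returns: 0 deleted, 1 outside base, 2 bad base, 3 bad path, 4 not a regular file
safe_delete() {
    sd_base=$1
    sd_name=$2

    # Physical (symlink-free) path of the allowed directory.
    sd_base_real=$(cd "$sd_base" 2>/dev/null && pwd -P) || return 2

    sd_target="$sd_base/$sd_name"
    sd_parent=$(dirname -- "$sd_target")
    sd_leaf=$(basename -- "$sd_target")

    # A leaf of "." or ".." names a directory, never a file to delete.
    case "$sd_leaf" in
        ''|.|..|/) return 3 ;;
    esac

    # Resolve the parent so "../" sequences and symlinked directories are
    # collapsed before the containment check, not after it.
    sd_parent_real=$(cd "$sd_parent" 2>/dev/null && pwd -P) || return 3

    # Compare with a trailing slash so /data/logs-old cannot pass for /data/logs.
    case "$sd_parent_real/" in
        "$sd_base_real"/*) ;;
        *) return 1 ;;
    esac

    # Refuse symlinks and directories; only regular files are expected here.
    if [ -L "$sd_parent_real/$sd_leaf" ] || [ ! -f "$sd_parent_real/$sd_leaf" ]; then
        return 4
    fi
    rm -f -- "$sd_parent_real/$sd_leaf"
}
```

The check and the `rm` are not atomic, so this belongs alongside running the handler as an unprivileged user, not in place of it.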
