Vestel AC Charger Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability in the Vestel AC Charger EVC04 model, specifically in version 3.75.0, allows unauthorized access to files containing sensitive information such as credentials. These credentials could be used to further compromise the device. The vulnerability arises when the charger is connected to an open internet network and its web configuration interface still uses the default credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system information, including credentials, which could be used to gain control of the charger. Additionally, such exploitation may cause a denial-of-service or partial integrity loss, disrupting the charger's operations.

Remediation

Users are strongly advised to update the AC charger software to version 3.187 or any later version. For those using version 3.75.0, it is recommended to change the default login credentials and remove any documents that contain these credentials from the web. Vestel also suggests using secure methods like Virtual Private Networks (VPNs) for remote access and minimizing network exposure for control system devices.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.6
exploitability: 6.3
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.