Primary

Context

LITEON IC48A and IC80A EV Chargers Plaintext Password Storage Vulnerability

Vulnerability

A vulnerability exists in LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e, where FTP server access credentials are stored in cleartext within the system logs. This vulnerability could allow unauthorized access to sensitive information from the EV chargers.

Impact

Exploitation of this vulnerability could lead to unauthorized access to FTP server credentials, potentially allowing attackers to access sensitive information from the affected EV chargers.

Remediation

LITEON has released firmware updates to address this vulnerability. Users can upgrade to LITEON IC48A firmware version 01.00.20h or LITEON IC80A firmware version 01.01.13m. For more information, contact LITEON.

Added: Jul 16, 2025, 5:51 PM

Updated: Jul 16, 2025, 5:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LITEON IC48A and IC80A EV Chargers Plaintext Password Storage Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating