Chargemap WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks
Vulnerability
A vulnerability exists in the WebSocket Application Programming Interface of Chargemap's charging station management system, specifically on chargemap.com. This vulnerability arises from a lack of rate limiting on authentication requests, which could enable an attacker to perform denial-of-service attacks by disrupting or misrouting legitimate charger telemetry. Additionally, this flaw could be exploited to conduct brute-force attacks, potentially leading to unauthorized access.
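The mitigation for the flaw described above is to bound how many authentication attempts a single source can make against the WebSocket endpoint. The following is an added example, not Chargemap's code and not derived from their API: it assumes a simplified message model in which each inbound WebSocket frame is a dict with a "type" key and "auth" frames carry a "station_id" and a "token". The station ids, tokens, source address and window/lockout numbers are constructed sample values. A per-source sliding window counts attempts, and once the limit is reached the source is locked out for a cool-down period without the server ever checking the submitted token.

```python
"""Sliding-window rate limiter for WebSocket authentication attempts.

Added example, not Chargemap's code. Assumes a simplified frame model:
each inbound WebSocket frame is a dict with a "type" key, and "auth" frames
carry a "station_id" and a "token". Credentials below are constructed.
"""
import hmac
import time
from collections import defaultdict, deque

MAX_AUTH_ATTEMPTS = 5      # attempts allowed per window (constructed value)
WINDOW_SECONDS = 60.0      # sliding-window length (constructed value)
LOCKOUT_SECONDS = 300.0    # cool-down applied once the limit is hit (constructed)

# Constructed sample credentials (hypothetical station ids and tokens)
STATION_TOKENS = {
    "station-001": "s3cr3t-token-A",
    "station-002": "s3cr3t-token-B",
}


class AuthRateLimiter:
    """Track auth attempts per source key (e.g. client IP) and refuse further
    attempts once the sliding-window limit is reached."""

    def __init__(self, max_attempts=MAX_AUTH_ATTEMPTS, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.clock = clock                    # injectable for deterministic tests
        self._attempts = defaultdict(deque)   # key -> timestamps of recent attempts
        self._locked_until = {}               # key -> time the lockout expires

    def allow(self, key):
        """Return True if an auth attempt from `key` may proceed now."""
        now = self.clock()
        if self._locked_until.get(key, 0.0) > now:
            return False
        q = self._attempts[key]
        # Drop attempts that have aged out of the window
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            # Limit reached: start the lockout and reset the window
            self._locked_until[key] = now + self.lockout
            q.clear()
            return False
        q.append(now)
        return True


def handle_auth_frame(frame, source_key, limiter):
    """Process one frame. Returns the status the server would send back;
    'rate_limited' is returned before the token is examined at all."""
    if frame.get("type") != "auth":
        return "ignored"
    if not limiter.allow(source_key):
        return "rate_limited"
    expected = STATION_TOKENS.get(frame.get("station_id"))
    # Constant-time comparison; an unknown station still consumes an attempt
    if expected is not None and hmac.compare_digest(expected, str(frame.get("token", ""))):
        return "authenticated"
    return "invalid_credentials"


def simulate_brute_force(attempts, clock_step=0.1):
    """Replay `attempts` token guesses from one source against station-001
    using a fake clock, and return the status of each attempt. Shows the
    limiter cutting off the guess stream after MAX_AUTH_ATTEMPTS."""
    t = [0.0]
    limiter = AuthRateLimiter(clock=lambda: t[0])
    statuses = []
    for i in range(attempts):
        frame = {"type": "auth", "station_id": "station-001", "token": f"guess-{i}"}
        statuses.append(handle_auth_frame(frame, "198.51.100.7", limiter))  # constructed source
        t[0] += clock_step
    return statuses


if __name__ == "__main__":
    # Five guesses are evaluated, the remaining three are refused unread
    print(simulate_brute_force(8))
```

Keying the limiter on the source address rather than the station id matters here: keying only on station id would let a flood of bad attempts lock a legitimate charger out, which reproduces the denial-of-service the advisory describes. In a real deployment the limiter state would live in shared storage so that all WebSocket nodes enforce the same limit.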
Impact
Exploitation of this vulnerability could allow attackers to disrupt charging services by causing denial-of-service conditions or to gain unauthorized access by bypassing authentication mechanisms.
Remediation
Chargemap has not responded to CISA's request for coordination. For more information, contact Chargemap through their support page.
