CloudCharge WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks
Vulnerability
A vulnerability exists in the CloudCharge WebSocket API due to a lack of rate limiting on authentication requests. This flaw could enable an attacker to perform denial-of-service attacks by disrupting legitimate charger telemetry or to conduct brute-force attacks to gain unauthorized access. The vulnerability affects all versions of CloudCharge's web application.
Impact
Exploitation of this vulnerability could lead to denial-of-service conditions by misrouting or suppressing legitimate traffic, causing significant disruptions. Additionally, the absence of rate limiting could be exploited to perform brute-force attacks, potentially leading to unauthorized access.
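The missing control described above is a per-client limit on authentication attempts over the WebSocket connection. The following is an added example of such a limit, written for this page and not CloudCharge's own code: a sliding-window limiter with a lockout, applied only to "auth" messages so that telemetry from already-authenticated chargers keeps flowing. The message format (JSON with a `type` field and a `token`), the client key, and the thresholds are assumptions chosen for illustration.

```javascript
// Added example (not CloudCharge code): rate limiting WebSocket authentication
// attempts per client. Message shape, keys and thresholds are assumptions.

class AuthRateLimiter {
  constructor({ maxAttempts = 5, windowMs = 60_000, lockoutMs = 300_000 } = {}) {
    this.maxAttempts = maxAttempts; // attempts allowed inside one window
    this.windowMs = windowMs;       // sliding window length
    this.lockoutMs = lockoutMs;     // how long a client is refused after exceeding it
    this.attempts = new Map();      // clientKey -> timestamps (ms) of recent attempts
    this.lockedUntil = new Map();   // clientKey -> timestamp (ms) when the lockout ends
  }

  // Decide whether one more auth attempt from clientKey may be processed.
  // Returns { allowed, reason?, retryAfterMs? }. `now` is injectable for testing.
  check(clientKey, now = Date.now()) {
    const until = this.lockedUntil.get(clientKey);
    if (until !== undefined) {
      if (now < until) return { allowed: false, reason: 'locked', retryAfterMs: until - now };
      this.lockedUntil.delete(clientKey);   // lockout expired: start with a clean window
      this.attempts.delete(clientKey);
    }
    const recent = (this.attempts.get(clientKey) || []).filter(t => now - t < this.windowMs);
    if (recent.length >= this.maxAttempts) {
      this.lockedUntil.set(clientKey, now + this.lockoutMs);
      return { allowed: false, reason: 'rate_limited', retryAfterMs: this.lockoutMs };
    }
    recent.push(now);
    this.attempts.set(clientKey, recent);
    return { allowed: true };
  }
}

// Dispatch one inbound WebSocket text frame. Only "auth" messages consume
// rate-limit budget; telemetry from other clients is unaffected by an attacker's burst.
function handleMessage(limiter, clientKey, rawText, verifyCredentials, now) {
  let msg;
  try { msg = JSON.parse(rawText); } catch { return { ok: false, reason: 'malformed' }; }
  if (msg.type === 'auth') {
    const verdict = limiter.check(clientKey, now);
    if (!verdict.allowed) {
      // Refuse before touching the credential store, and tell the client when to retry.
      return { ok: false, reason: verdict.reason, retryAfterMs: verdict.retryAfterMs };
    }
    return verifyCredentials(msg.token)
      ? { ok: true, authenticated: true }
      : { ok: false, reason: 'bad_credentials' };
  }
  if (msg.type === 'telemetry') return { ok: true, telemetry: msg };
  return { ok: false, reason: 'unknown_type' };
}

// Constructed traffic: ten credential guesses from one client interleaved with
// telemetry from a second, legitimate charger. Returns counts for inspection.
function simulateBurst() {
  const limiter = new AuthRateLimiter({ maxAttempts: 5, windowMs: 60_000, lockoutMs: 300_000 });
  const verify = token => token === 'correct-token-placeholder'; // constructed secret
  const t0 = 1_700_000_000_000;                                   // constructed fixed clock
  const stats = { authAllowed: 0, authRejected: 0, telemetryAccepted: 0 };

  for (let i = 0; i < 10; i++) {
    const guess = JSON.stringify({ type: 'auth', token: `guess-${i}` });
    const r = handleMessage(limiter, 'client-A', guess, verify, t0 + i * 10);
    if (r.reason === 'bad_credentials') stats.authAllowed++;          // credential was checked
    else if (r.reason === 'rate_limited' || r.reason === 'locked') stats.authRejected++;

    if (i % 3 === 0) {
      const frame = JSON.stringify({ type: 'telemetry', chargerId: 'charger-B', kWh: i });
      if (handleMessage(limiter, 'charger-B', frame, verify, t0 + i * 10).ok) stats.telemetryAccepted++;
    }
  }
  return stats;
}

console.log(simulateBurst()); // { authAllowed: 5, authRejected: 5, telemetryAccepted: 4 }
```

In a real deployment the client key should combine the charger identity with the source address so one misbehaving client cannot exhaust the budget of others, the maps should live in a shared store when the API runs on more than one node, and every `rate_limited` or `locked` verdict should be logged, since a burst of them against one account is the detection signal for the brute-force attempts this advisory describes.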
Remediation
CloudCharge has not responded to CISA's request for coordination. For more information, contact CloudCharge through their support page.
