System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: β’βββββWi-Fi access point credentials to which the EV charger can connect. β’βββββAPN web address and credentials. β’βββββIPSEC credentials. β’βββββWeb interface access credentials for user and admin accounts. β’βββββJuiceBox system components (software installed, model, firmware version, etc.). β’βββββC2G configuration details. β’βββββInternal IP addresses. β’βββββOTA firmware update configurations (DNS servers). All the credentials are stored in logs in an unencrypted plaintext format.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanationCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1 reference(s) from NVD