Vulnerability Description
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bender | Cc612 Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc612 | - |
| Bender | Icc15Xx Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc613 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2021-047Not ApplicableVendor Advisory
- https://cert.vde.com/en/advisories/VDE-2021-047Not ApplicableVendor Advisory
FAQ
What is CVE-2021-34592?
CVE-2021-34592 is a vulnerability with a CVSS score of 8.8 (HIGH). In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
How severe is CVE-2021-34592?
CVE-2021-34592 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34592?
Check the references section above for vendor advisories and patch information. Affected products include: Bender Cc612 Firmware, Bender Cc612, Bender Icc15Xx Firmware, Bender Cc613.