Vulnerability Description
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is used to generate code, which is then executed when new firmware is downloaded.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Garo | Wallbox Gtb Firmware | <= 185 |
| Garo | Wallbox Gtb | - |
| Garo | Wallbox Gtc Firmware | <= 185 |
| Garo | Wallbox Gtc | - |
| Garo | Wallbox Glb Firmware | <= 185 |
| Garo | Wallbox Glb | - |
Related Weaknesses (CWE)
References
- https://github.com/delikely/advisory/tree/main/GARO (Third Party Advisory)
FAQ
What is CVE-2021-45876?
CVE-2021-45876 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfil...
How severe is CVE-2021-45876?
CVE-2021-45876 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-45876?
Check the references section above for vendor advisories and patch information. Affected products include: Garo Wallbox Gtb Firmware, Garo Wallbox Gtb, Garo Wallbox Gtc Firmware, Garo Wallbox Gtc, Garo Wallbox Glb Firmware.