Vulnerability Description
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access to the Tomcat manager page on port 8000 and take complete control of Tomcat.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Garo | Wallbox Gtb Firmware | <= 185 |
| Garo | Wallbox Gtb | - |
| Garo | Wallbox Gtc Firmware | <= 185 |
| Garo | Wallbox Gtc | - |
| Garo | Wallbox Glb Firmware | <= 185 |
| Garo | Wallbox Glb | - |
Related Weaknesses (CWE)
References
- https://github.com/delikely/advisory/tree/main/GARO (Third Party Advisory)
FAQ
What is CVE-2021-45877?
CVE-2021-45877 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and...
How severe is CVE-2021-45877?
CVE-2021-45877 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-45877?
Check the references section above for vendor advisories and patch information. Affected products include: Garo Wallbox Gtb Firmware, Garo Wallbox Gtb, Garo Wallbox Gtc Firmware, Garo Wallbox Gtc, Garo Wallbox Glb Firmware.