Vulnerability Description
Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allow attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Garo | Wallbox Glb Firmware | <= 189 |
| Garo | Wallbox Glb | - |
| Garo | Wallbox Gtb Firmware | <= 189 |
| Garo | Wallbox Gtb | - |
| Garo | Wallbox Gtc Firmware | <= 189 |
| Garo | Wallbox Gtc | - |
Related Weaknesses (CWE)
References
- http://garocharging.com/glb-wallbox/ (Product)
- https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md (Exploit, Third Party Advisory)
- https://www.garo.se/ (Product)
FAQ
What is CVE-2023-30399?
CVE-2023-30399 is a vulnerability with a CVSS score of 8.1 (HIGH). Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allow attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
How severe is CVE-2023-30399?
CVE-2023-30399 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-30399?
Check the references section above for vendor advisories and patch information. Affected products include: Garo Wallbox Glb Firmware, Garo Wallbox Glb, Garo Wallbox Gtb Firmware, Garo Wallbox Gtb, Garo Wallbox Gtc Firmware.