CVE-2021-45876
Summary
| CVE | CVE-2021-45876 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-21 11:15:00 UTC |
| Updated | 2022-03-28 17:04:00 UTC |
| Description | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Garo | Wallbox Glb | - | All | All | All |
| Operating System | Garo | Wallbox Glb Firmware | All | All | All | All |
| Hardware | Garo | Wallbox Gtb | - | All | All | All |
| Operating System | Garo | Wallbox Gtb Firmware | All | All | All | All |
| Hardware | Garo | Wallbox Gtc | - | All | All | All |
| Operating System | Garo | Wallbox Gtc Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| advisory/GARO at main · delikely/advisory · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.