Description
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- Bender / ebee / CC6125.11.x – 5.11.2
- Bender / ebee / CC6125.12.x – 5.12.5
- Bender / ebee / CC6125.13.x – 5.13.2
- Bender / ebee / CC6125.20.x – 5.20.2
- Bender / ebee / CC6135.11.x – 5.11.2
- Bender / ebee / CC6135.12.x – 5.12.5
- Bender / ebee / CC6135.13.x – 5.13.2
- Bender / ebee / CC6135.20.x – 5.20.2
- Bender / ebee / ICC15xx5.11.x – 5.11.2
- Bender / ebee / ICC15xx5.12.x – 5.12.5
- Bender / ebee / ICC15xx5.13.x – 5.13.2
- Bender / ebee / ICC15xx5.20.x – 5.20.2
- Bender / ebee / ICC16xx5.11.x – 5.11.2
- Bender / ebee / ICC16xx5.12.x – 5.12.5
- Bender / ebee / ICC16xx5.13.x – 5.13.2
- Bender / ebee / ICC16xx5.20.x – 5.20.2
References
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2021-047