CVE-2023-29114

CVSS V2 None CVSS V3 None
Description
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web address and credentials. •     IPSEC credentials. •     Web interface access credentials for user and admin accounts. •     JuiceBox system components (software installed, model, firmware version, etc.). •     C2G configuration details. •     Internal IP addresses. •     OTA firmware update configurations (DNS servers). All the credentials are stored in logs in an unencrypted plaintext format.
Overview
  • CVE ID
  • CVE-2023-29114
  • Assigner
  • ASRG
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-05T15:01:08.666Z
  • Last Modified Date
  • 2024-11-05T17:00:26.636Z
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
References
Reference URL Reference Tags
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-29114
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29114
History
Created Old Value New Value Data Type Notes
2024-11-06 13:05:33 Added to TrackCVE