← Voltar para CVEs
CVE-2020-8006
HIGH8.8
Descricao
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado4/12/2024
Ultima modificacao11/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
circontrol:raption_server
Fraquezas (CWE)
CWE-121
Referencias
https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/(cve@mitre.org)
https://seclists.org/fulldisclosure/2024/Mar/33(cve@mitre.org)
http://seclists.org/fulldisclosure/2024/Mar/33(af854a3a-2127-422b-91ae-364da2661108)
https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2024/Mar/33(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.