Login
Start Free Trial
Research Center
CVE-2021-45876 Research Center

CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware.

  • 9.8 critical severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • 21/03/2022

Operating Systems 3

Wa

Wallbox GTB Firmware

by Garo

2 Versions

8 months ago

Wa

Wallbox GTC Firmware

by Garo

2 Versions

8 months ago

Wa

Wallbox GLB Firmware

by Garo

2 Versions

8 months ago

Vulnerability Categories 1

Improper Neutralization of Special Elements used in a Command ('Command Injection')

xTags 7

#easy_to_exploit
#critical_vulnerability
#known_vulnerability
#confidentiality_impact_if_exploited
#integrity_impact_if_exploited
#availability_impact_if_exploited
#new_vulnerability_published

Advisory Links 1

https://github.com/delikely/advisory/tree/main/GARO
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Jenny R
Nov 25, 2022

Choosing the Right Access Control Model

Choosing the right access control model for your project/organization is of great importance from a security point of view. There are more access control models, and I will try to show you their differences in this article.
By Khurram Arif
Nov 25, 2022

Fortinet Authentication Bypass Vulnerability - CVE-2022-40684

Vulnerability allows adversaries to bypass authentication and login into the vulnerable systems as an administrator.
By acephale 4w
Nov 22, 2022

Hardening

In this article I talk about the process of hardening systems, in hopes of laying the ground for talking about OS hardening in particular
By Paul Lighter
Nov 21, 2022

From Nuclear Bombs to Zero Days

China is alleged to be stockpiling vulnerabilities to weaponize into cyber attacks. Now that the cyber arms race has kicked into high gear, it's only a matter of time before match reaches powder.
By Jenny R
Nov 17, 2022

Code security and safety tips when writing guidelines

Preventing cyber-attacks starts at the very beginning of the development of the application by writing secure code.
last_chanse_04.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!