cbcvebase.

Garo Wallbox Glb Firmware vulnerabilities

4 known vulnerabilities affecting garo/wallbox_glb_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2021-45876P2CRITICALCVSS 9.8≤ 1852022-03-21
CVE-2021-45876 [CRITICAL] CWE-77 CVE-2021-45876: Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware.
nvd
CVE-2021-45877P3CRITICALCVSS 9.8≤ 1852022-03-21
CVE-2021-45877 [CRITICAL] CWE-798 CVE-2021-45877: Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded cr Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page.
nvd
CVE-2021-45878P3CRITICALCVSS 9.1≤ 1852022-03-21
CVE-2021-45878 [CRITICAL] CWE-306 CVE-2021-45878: Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of acce Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manger pages allows any user to view and modify information.
nvd
CVE-2023-30399P3HIGHCVSS 8.1≤ 1892023-05-04
CVE-2023-30399 [HIGH] CWE-732 CVE-2023-30399: Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers t Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
nvd
Garo Wallbox Glb Firmware vulnerabilities | cvebase