CVE-2021-34588

Summary

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .

Affected Software

VendorProductVersion RangeStatus
Bender / ebeeCC6125.11.x < 5.11.2affected
Bender / ebeeCC6125.12.x < 5.12.5affected
Bender / ebeeCC6125.13.x < 5.13.2affected
Bender / ebeeCC6125.20.x < 5.20.2affected
Bender / ebeeCC6135.11.x < 5.11.2affected
Bender / ebeeCC6135.12.x < 5.12.5affected
Bender / ebeeCC6135.13.x < 5.13.2affected
Bender / ebeeCC6135.20.x < 5.20.2affected
Bender / ebeeICC15xx5.11.x < 5.11.2affected
Bender / ebeeICC15xx5.12.x < 5.12.5affected
Bender / ebeeICC15xx5.13.x < 5.13.2affected
Bender / ebeeICC15xx5.20.x < 5.20.2affected
Bender / ebeeICC16xx5.11.x < 5.11.2affected
Bender / ebeeICC16xx5.12.x < 5.12.5affected
Bender / ebeeICC16xx5.13.x < 5.13.2affected
Bender / ebeeICC16xx5.20.x < 5.20.2affected

Weaknesses

  • CWE-425: CWE-425 Direct Request (Forced Browsing)

ADP Enrichment

CVE Program Container

Additional References

References