CVE-2021-34588
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bender / ebee | CC612 | 5.11.x < 5.11.2 | affected |
| Bender / ebee | CC612 | 5.12.x < 5.12.5 | affected |
| Bender / ebee | CC612 | 5.13.x < 5.13.2 | affected |
| Bender / ebee | CC612 | 5.20.x < 5.20.2 | affected |
| Bender / ebee | CC613 | 5.11.x < 5.11.2 | affected |
| Bender / ebee | CC613 | 5.12.x < 5.12.5 | affected |
| Bender / ebee | CC613 | 5.13.x < 5.13.2 | affected |
| Bender / ebee | CC613 | 5.20.x < 5.20.2 | affected |
| Bender / ebee | ICC15xx | 5.11.x < 5.11.2 | affected |
| Bender / ebee | ICC15xx | 5.12.x < 5.12.5 | affected |
| Bender / ebee | ICC15xx | 5.13.x < 5.13.2 | affected |
| Bender / ebee | ICC15xx | 5.20.x < 5.20.2 | affected |
| Bender / ebee | ICC16xx | 5.11.x < 5.11.2 | affected |
| Bender / ebee | ICC16xx | 5.12.x < 5.12.5 | affected |
| Bender / ebee | ICC16xx | 5.13.x < 5.13.2 | affected |
| Bender / ebee | ICC16xx | 5.20.x < 5.20.2 | affected |
Weaknesses
- CWE-425: CWE-425 Direct Request (Forced Browsing)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.