CVE-2021-34589

Summary

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.

Affected Software

VendorProductVersion RangeStatus
Bender / ebeeCC6125.11.x < 5.11.2affected
Bender / ebeeCC6125.12.x < 5.12.5affected
Bender / ebeeCC6125.13.x < 5.13.2affected
Bender / ebeeCC6125.20.x < 5.20.2affected
Bender / ebeeCC6135.11.x < 5.11.2affected
Bender / ebeeCC6135.12.x < 5.12.5affected
Bender / ebeeCC6135.13.x < 5.13.2affected
Bender / ebeeCC6135.20.x < 5.20.2affected
Bender / ebeeICC15xx5.11.x < 5.11.2affected
Bender / ebeeICC15xx5.12.x < 5.12.5affected
Bender / ebeeICC15xx5.13.x < 5.13.2affected
Bender / ebeeICC15xx5.20.x < 5.20.2affected
Bender / ebeeICC16xx5.11.x < 5.11.2affected
Bender / ebeeICC16xx5.12.x < 5.12.5affected
Bender / ebeeICC16xx5.13.x < 5.13.2affected
Bender / ebeeICC16xx5.20.x < 5.20.2affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References