CVE-2021-34591

Summary

In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.

Affected Software

VendorProductVersion RangeStatus
Bender / ebeeCC6125.11.x < 5.11.2affected
Bender / ebeeCC6125.12.x < 5.12.5affected
Bender / ebeeCC6125.13.x < 5.13.2affected
Bender / ebeeCC6125.20.x < 5.20.2affected
Bender / ebeeCC6135.11.x < 5.11.2affected
Bender / ebeeCC6135.12.x < 5.12.5affected
Bender / ebeeCC6135.13.x < 5.13.2affected
Bender / ebeeCC6135.20.x < 5.20.2affected
Bender / ebeeICC15xx5.11.x < 5.11.2affected
Bender / ebeeICC15xx5.12.x < 5.12.5affected
Bender / ebeeICC15xx5.13.x < 5.13.2affected
Bender / ebeeICC15xx5.20.x < 5.20.2affected
Bender / ebeeICC16xx5.11.x < 5.11.2affected
Bender / ebeeICC16xx5.12.x < 5.12.5affected
Bender / ebeeICC16xx5.13.x < 5.13.2affected
Bender / ebeeICC16xx5.20.x < 5.20.2affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

References