CVE-2023-29114 Information

Description

System logs could be accessed through the web management application due to a lack of access control.

An attacker can obtain the following sensitive information:

• Credentials for the Wi-Fi access points to which the EV charger can connect.

• APN web address and credentials.

• IPSEC credentials.

• Web interface access credentials for user and admin accounts.

• JuiceBox system components (software installed, model, firmware version, etc.).

• C2G configuration details.

• Internal IP addresses.

• OTA firmware update configurations (DNS servers).

All the credentials are stored in logs in an unencrypted plaintext format.

Reference

https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
