Overview
Authenticated Remote Code Execution via firmware upgrade function.
Product and Version
| Product | Affected | Mitigated |
|---|---|---|
| Nova 360 Cabinet | <= 1.3.0.0.7b102 | Beta1.3.0.1.0 |
| Titan 180 Premium | <= 1.3.0.0.6 | 1.3.0.0.9 |
Description
The charger firmware is upgraded by providing a zip file, then /ubi/local/apps/ocpp/ocpp will service the actual process. The service doesn't have any validation/authentication check against provided archive. Authenticated user can upload the crafted archive to totally compromise the device (there are several ways to upgrade, including via web interface).