CVE-2020-8006
12.04.2024, 12:15
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format.Enginsight
Vendor | Product | Version |
---|---|---|
circontrol | raption_server | 𝑥 ≤ 5.11.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration