CVE-2023-30399

Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
garowallbox_glb_firmware
𝑥
≤ 189
garowallbox_gtb_firmware
𝑥
≤ 189
garowallbox_gtc_firmware
𝑥
≤ 189
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://garocharging.com/glb-wallbox/
https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md
https://www.garo.se/
http://garocharging.com/glb-wallbox/
https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md
https://www.garo.se/