Critical severity9.8NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026

CVE-2018-16669

Description

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Circontrol/PowerStudiollm-create
Range: <1.5.0
Circontrol/Open Charge Point Protocol (OCPP)llm-create
Range: <1.5.0
Circontrol/CirCarLifellm-fuzzy
Range: <1.5.0

Patches

Vulnerability mechanics

References

github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-lifenvdExploit
www.exploit-db.com/exploits/45384/nvdExploitThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000