CVE-2021-45877

An attacker can use the hardcoded credential found in `/etc/tomcat8/tomcat-user.xml` to authenticate to the Tomcat Manager web interface on port 8000 [ref_id=1]. No prior authentication or special network position is required beyond network access to the device's port 8000. Once authenticated, the attacker gains full administrative control over the Tomcat server, enabling them to deploy, start, stop, or remove web applications [ref_id=1].

The hardcoded credential is stored in the file `/etc/tomcat8/tomcat-user.xml` on the GARO Wallbox device [ref_id=1]. This file contains the Tomcat user configuration, and the credential cannot be modified or deleted by a normal user [ref_id=1].

The advisory states that the vendor (GARO) did not respond to multiple contact attempts, and no fixed version was confirmed at the time of disclosure [ref_id=1]. The recommended remediation is to remove or change the hardcoded credential in `/etc/tomcat8/tomcat-user.xml` and restrict access to the Tomcat Manager port (8000) via network controls. No official patch has been published by the vendor [ref_id=1].