CVE-2021-45878
Description
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manger pages allows any user to view and modify information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- GARO/Wallbox GLB/GTB/GTCdescription
Patches
Vulnerability mechanics
Root cause
"Lack of access control on the web manager pages allows any user to view and modify information without authentication."
Attack vector
An attacker can access the web manager pages without any authentication because the pages lack access control. This allows any user—even unauthenticated ones—to view and modify sensitive information on the device. The attack is performed over the network by simply navigating to the web management interface [ref_id=1].
Affected code
The advisory identifies the web manager pages of GARO Wallbox GLB/GTB/GTC models (firmware version ≤185) as the affected component. No specific file paths or function names are provided in the advisory [ref_id=1].
What the fix does
The advisory states that the vendor (GARO) was contacted multiple times but did not reply, and no fixed version was confirmed by the vendor. The recommended remediation is to implement proper authentication and authorization checks on all web manager pages to prevent unauthorized access [ref_id=1].
Preconditions
- networkNetwork access to the GARO Wallbox web management interface
- authNo authentication required
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- github.com/delikely/advisory/tree/main/GAROmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.