CVE-2023-29114

System logs could be accessed through web management application due to a lack of access control.

An attacker can obtain the following sensitive information:

•     Wi-Fi access point credentials to which the EV charger can connect.

•     APN web address and credentials.

•     IPSEC credentials.

•     Web interface access credentials for user and admin accounts.

•     JuiceBox system components (software installed, model, firmware version, etc.).

•     C2G configuration details.

•     Internal IP addresses.

•     OTA firmware update configurations (DNS servers).

All the credentials are stored in logs in an unencrypted plaintext format.