Waybox
by Enel X
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29120 | Cri | 0.62 | 9.6 | 0.00 | Nov 5, 2024 | Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. | ||
| CVE-2023-29125 | Cri | 0.59 | 9.0 | 0.00 | Nov 5, 2024 | A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. | ||
| CVE-2023-29117 | Hig | 0.57 | 8.8 | 0.00 | Nov 5, 2024 | Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | ||
| CVE-2023-29114 | Med | 0.37 | 5.7 | 0.00 | Nov 5, 2024 | System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web… | ||
| CVE-2023-29116 | Med | 0.28 | 4.3 | 0.00 | Nov 5, 2024 | Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. | ||
| CVE-2023-29126 | Med | 0.27 | 4.2 | 0.00 | Nov 5, 2024 | The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. |
- risk 0.62cvss 9.6epss 0.00
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
- risk 0.59cvss 9.0epss 0.00
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
- risk 0.57cvss 8.8epss 0.00
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
- risk 0.37cvss 5.7epss 0.00
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web…
- risk 0.28cvss 4.3epss 0.00
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
- risk 0.27cvss 4.2epss 0.00
The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.