VYPR
Vendor

Enel X

Products
3
CVEs
9
Across products
9
Status
Private

Products

3

Recent CVEs

9
  • CVE-2023-29120CriNov 5, 2024
    risk 0.62cvss 9.6epss 0.00

    Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

  • CVE-2023-29119CriNov 5, 2024
    risk 0.62cvss 9.6epss 0.00

    Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.

  • CVE-2023-29125CriNov 5, 2024
    risk 0.59cvss 9.0epss 0.00

    A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.

  • CVE-2026-0778HigJan 23, 2026
    risk 0.57cvss 8.8epss 0.01

    Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to…

  • CVE-2023-29117HigNov 5, 2024
    risk 0.57cvss 8.8epss 0.00

    Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.

  • CVE-2023-29115MedNov 5, 2024
    risk 0.42cvss 6.5epss 0.00

    In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).

  • CVE-2023-29114MedNov 5, 2024
    risk 0.37cvss 5.7epss 0.00

    System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web…

  • CVE-2023-29116MedNov 5, 2024
    risk 0.28cvss 4.3epss 0.00

    Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

  • CVE-2023-29126MedNov 5, 2024
    risk 0.27cvss 4.2epss 0.00

    The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.