Enel X
Products
3- 6 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29120 | Cri | 0.62 | 9.6 | 0.00 | Nov 5, 2024 | Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. | ||
| CVE-2023-29119 | Cri | 0.62 | 9.6 | 0.00 | Nov 5, 2024 | Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php. | ||
| CVE-2023-29125 | Cri | 0.59 | 9.0 | 0.00 | Nov 5, 2024 | A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. | ||
| CVE-2026-0778 | Hig | 0.57 | 8.8 | 0.01 | Jan 23, 2026 | Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to… | ||
| CVE-2023-29117 | Hig | 0.57 | 8.8 | 0.00 | Nov 5, 2024 | Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | ||
| CVE-2023-29115 | Med | 0.42 | 6.5 | 0.00 | Nov 5, 2024 | In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot). | ||
| CVE-2023-29114 | Med | 0.37 | 5.7 | 0.00 | Nov 5, 2024 | System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web… | ||
| CVE-2023-29116 | Med | 0.28 | 4.3 | 0.00 | Nov 5, 2024 | Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. | ||
| CVE-2023-29126 | Med | 0.27 | 4.2 | 0.00 | Nov 5, 2024 | The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. |
- risk 0.62cvss 9.6epss 0.00
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
- risk 0.62cvss 9.6epss 0.00
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
- risk 0.59cvss 9.0epss 0.00
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
- risk 0.57cvss 8.8epss 0.01
Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to…
- risk 0.57cvss 8.8epss 0.00
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
- risk 0.42cvss 6.5epss 0.00
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
- risk 0.37cvss 5.7epss 0.00
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web…
- risk 0.28cvss 4.3epss 0.00
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
- risk 0.27cvss 4.2epss 0.00
The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.