How to fix CVE-2024-43652?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

Is Command Injection affected by CVE-2024-43652?

CVE-2024-43652 presents critical security risk, a OS command injection vulnerability rated CVSS 9.3. Successful exploitation could allow attackers to execute arbitrary code or commands on affected systems, potentially leading to full system compromise.

CVE-2024-43652

CRITICAL

2025-01-09 [email protected]

Command Injection

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:02 vuln.today

CVE Published

Jan 09, 2025 - 08:15 nvd

CRITICAL 9.3

DescriptionNVD

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701

Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.

Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.

AnalysisAI

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. Version information: version 24120701.

Affected ProductsAI

Iocharger firmware for AC model chargers.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2024-43652 vulnerability details – vuln.today

Back

CVE-2024-43652

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

CVE-2024-43652

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code