Skip to main content

Charx Sec 3150 Firmware

29 CVEs product

Monthly

CVE-2025-25271 HIGH PATCH This Week

A security vulnerability in An unauthenticated adjacent attacker (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-25270 CRITICAL PATCH Act Now

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

RCE Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-25269 HIGH PATCH This Week

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Command Injection Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-25268 HIGH PATCH This Week

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Authentication Bypass Charx Sec 3100 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware Charx Sec 3000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-24006 HIGH PATCH This Week

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24005 HIGH PATCH This Week

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24004 MEDIUM This Month

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Buffer Overflow Charx Sec 3150 Firmware Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-24003 HIGH This Week

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.

Buffer Overflow Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3000 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-24002 MEDIUM This Month

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Denial Of Service Charx Sec 3100 Firmware Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-6788 CRITICAL Act Now

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3913 MEDIUM This Month

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Information Disclosure Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-28137 HIGH This Week

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28136 HIGH This Week

A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-28135 MEDIUM This Month

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2024-28134 HIGH This Week

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-28133 HIGH This Week

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-26288 HIGH This Week

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-26005 MEDIUM This Month

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-26004 HIGH This Week

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-26003 HIGH This Week

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-26002 HIGH This Week

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26001 CRITICAL Act Now

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-26000 HIGH This Week

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25999 HIGH This Week

An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25998 HIGH This Week

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
7.3
EPSS
1.5%
CVE-2024-25997 MEDIUM This Month

An unauthenticated remote attacker can perform a log injection due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-25996 CRITICAL Act Now

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-25995 CRITICAL Act Now

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25994 MEDIUM This Month

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security vulnerability in An unauthenticated adjacent attacker (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3150 Firmware +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

RCE Charx Sec 3000 Firmware Charx Sec 3100 Firmware +2
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Command Injection Privilege Escalation Charx Sec 3000 Firmware +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Authentication Bypass Charx Sec 3100 Firmware Charx Sec 3150 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware +2
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Buffer Overflow Charx Sec 3150 Firmware Charx Sec 3000 Firmware +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.

Buffer Overflow Charx Sec 3050 Firmware Charx Sec 3100 Firmware +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Denial Of Service Charx Sec 3100 Firmware Charx Sec 3000 Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Information Disclosure Charx Sec 3150 Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Charx Sec 3000 Firmware +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Charx Sec 3000 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Charx Sec 3000 Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Charx Sec 3000 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Charx Sec 3000 Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 7.3
HIGH This Week

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated remote attacker can perform a log injection due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy