Vulnerability Details CVE-2021-34601
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-34601
-
cpe:2.3:h:bender:cc612:-
-
cpe:2.3:h:bender:cc613:-
-
cpe:2.3:o:bender:cc612_firmware:*
-
cpe:2.3:o:bender:cc612_firmware:5.11.0
-
cpe:2.3:o:bender:icc15xx_firmware:*