CVE-2024-5684— ID Charger Connect & Pro - JWT-Null-Algorithm
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-5684
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ID Charger Connect & Pro - JWT-Null-Algorithm
Source: NVD (National Vulnerability Database)
Vulnerability Description
An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
ID Charger 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Volkswagen Group ID Charger是德国大众(Volkswagen Group)公司的一个家庭全能充电器。 ID Charger Connect & Pro存在安全漏洞,该漏洞源于JWT库的错误实现,未经身份验证的攻击者可以利用此漏洞绕过身份验证机制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Volkswagen Group Charging GmbH - Elli, EVBox | ID Charger Connect & Pro | SPR3.2B | - |
II. Public POCs for CVE-2024-5684
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-5684
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-345
- CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-31835
Vaultwarden WebAuthn credential metadata tampered before sig - CVE-2026-43534
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent H
V. Comments for CVE-2024-5684
No comments yet