关键信息 漏洞详情 Product: GARO Wallbox GLB/GTB/GTC Vulnerable Version: <=185 CVE Number: CVE-2021-45876/45877/45878 Impact: Critical Fixed Version: [Not mentioned] Found: 2021.09.16 Homepage: www.garo.se By: delikely@StarVLab 漏洞概述 1. Without Authentication (CVE-2021-45878): Lack of access control on the web manager pages that allows any user to view and modify information. 2. Hard Coded Credentials for Tomcat Manager (CVE-2021-45877): A hardcoded credential in allows attackers to gain authorized access and control the Tomcat completely. Normal users cannot be modified or deleted. 3. Unauthenticated Command Injection (CVE-2021-45876): The parameter of the function is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. Proof of Concept 1. Without Authentication 2. Hard Coded Credentials for Tomcat Manager 3. Unauthenticated Command Injection 解决方案 Advisory URL: Contact GARO, didn't get reply. 厂商联系时间线 2021-09-13: Contacting vendor through Email. 2021-10-12: Contacting vendor through Email Again. 2021-12-25: We have not got in touch with GARO, Disclosure the advisory. 2021-12-26: Reporting to CVE. 2022-03-21: CVE Team assigned CVE number.