We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials. • Web interface access credentials for user and admin accounts. • JuiceBox system components (software installed, model, firmware version, etc.). • C2G configuration details. • Internal IP addresses. • OTA firmware update configurations (DNS servers). All the credentials are stored in logs in an unencrypted plaintext format.
Reserved 2023-03-31 | Published 2024-11-05 | Updated 2024-11-05 | Assigner ASRGCWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Abdellah Benotsmane (PCAutomotive)
support-emobility.enelx.com/...urity-Bulletin-06-2024-V1.pdf
Support options