exploitDog

CVE-2024-44843

Опубликовано: 15 апр. 2025

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

Ссылки

https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476
Exploit
Third Party Advisory
https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java
Product
https://github.com/steve-community/steve/issues/1546
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:steve-community:steve:3.7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-g2fr-wj73-rxrw

CVSS3: 5.9

github

10 месяцев назад

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-287