GCVE - cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Bender (`0876ce5f-bacd-5df6-b2fe-92874e03f9c1`)
Product	Cc612 (`d4671977-485e-51e1-a40d-5545e6abda49`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-34602`	not_vulnerable	2026-06-03 14:44:45.816608	Bender Charge Controller: Long URL could lead to webserver crash HIGH (8.8) In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. Published: 2022-04-27T15:15:34.774Z Updated: 2024-09-17T01:46:57.289Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34601`	not_vulnerable	2026-06-03 14:44:45.815953	Bender Charge Controller: Hardcoded Credentials in Charge Controller CRITICAL (9.8) In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. Published: 2022-04-27T15:15:33.375Z Updated: 2024-09-16T19:47:12.796Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34592`	not_vulnerable	2026-06-03 14:44:45.779381	Bender Charge Controller: Command injection via Web interface HIGH (8.8) In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. Published: 2022-04-27T15:15:31.464Z Updated: 2024-09-16T22:20:44.822Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34591`	not_vulnerable	2026-06-03 14:44:45.778738	Bender Charge Controller: Local privilege Escalation HIGH (7.8) In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. Published: 2022-04-27T15:15:30.014Z Updated: 2024-09-16T20:36:53.897Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34590`	not_vulnerable	2026-06-03 14:44:45.778087	Bender Charge Controller: Cross-site Scripting MEDIUM (5.4) In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. Published: 2022-04-27T15:15:28.655Z Updated: 2024-09-16T22:01:39.627Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34589`	not_vulnerable	2026-06-03 14:44:45.774724	Bender Charge Controller: RFID leak HIGH (7.5) In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. Published: 2022-04-27T15:15:27.151Z Updated: 2024-09-16T21:08:59.841Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34588`	not_vulnerable	2026-06-03 14:44:45.774062	Bender Charge Controller: Unprotected data export HIGH (8.6) In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot . Published: 2022-04-27T15:15:25.652Z Updated: 2024-09-16T21:07:21.537Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34587`	not_vulnerable	2026-06-03 14:44:45.768355	Bender Charge Controller: Long URL could lead to webserver crash MEDIUM (5.3) In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. Published: 2022-04-27T15:15:24.084Z Updated: 2024-09-17T02:58:12.456Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2021-047	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.