Cyber Resilience

CVE-2021-45876

Critical RCE

Published: 21 March 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0434 (89.2th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-45876 is a critical-severity Command Injection (CWE-77) vulnerability in Garo Wallbox Gtb Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 10.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

garo · wallbox gtb firmware · ≤ 185
garo · wallbox gtc firmware · ≤ 185
garo · wallbox glb firmware · ≤ 185

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
