CVE-2021-34601

CRITICAL

Bender/ebee <5.20.1 - Auth Bypass

Title source: llm

Description

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

References (1)

[Vendor Advisory] https://cert.vde.com/en/advisories/VDE-2021-047

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-259 CWE-798

Status published

Products (2)

bender/cc612_firmware 5.11.0 - 5.11.2

bender/icc15xx_firmware 5.11.0 - 5.11.2

Published Apr 27, 2022

Tracked Since Feb 18, 2026