CVE-2021-34601
CRITICALBender CC612 Firmware <= 5.20.1 - Hardcoded SSH Credentials
Title source: llmDescription
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2021-047
Scores
CVSS v3
9.8
EPSS
0.0099
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-259
CWE-798
Status
published
Products (2)
bender/cc612_firmware
5.11.0 - 5.11.2
bender/icc15xx_firmware
5.11.0 - 5.11.2
Published
Apr 27, 2022
Tracked Since
Feb 18, 2026