CVE-2023-30399

HIGH

Garo Wallbox Glb Firmware < 189 - Incorrect Permission Assignment

Title source: rule

Description

Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.

References (3)

Core 3

Core References

Product

http://garocharging.com/glb-wallbox/

Exploit, Third Party Advisory

https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md

View Exploit ZIP pw:eip

Product

https://www.garo.se/

Scores

CVSS v3 8.1

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (3)

garo/wallbox_glb_firmware < 189

garo/wallbox_gtb_firmware < 189

garo/wallbox_gtc_firmware < 189

Published May 04, 2023

Tracked Since Feb 18, 2026