1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: LITEON
- Equipment: IC48A and IC80A
- Vulnerability: Plaintext Storage of a Password
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of LITEON EV chargers are affected:
- LITEON IC48A: Firmware versions prior to 01.00.19r
- LITEON IC80A: Firmware versions prior to 01.01.12e
3.2 VULNERABILITY OVERVIEW
3.2.1 PLAINTEXT STORAGE OF A PASSWORD CWE-256
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
CVE-2025-7357 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-7357. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Energy, Transportation Systems
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Taiwan
Read the original article: