2 vulnerabilities by Vestel
CVE-2025-3606 (GCVE-0-2025-3606)
Vulnerability from cvelistv5 – Published: 2025-04-24 23:15 – Updated: 2025-04-25 16:02
Title
Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device.
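Severity
8.7 (High, CVSS 4.0); 7.5 (High, CVSS 3.1)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere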
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Vestel | AC Charger EVC04 | Affected: 3.75.0 |
Credits
Cumhur Kizilari reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:37:27.258163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:02:38.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AC Charger EVC04",
"vendor": "Vestel",
"versions": [
{
"status": "affected",
"version": "3.75.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cumhur Kizilari reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vestel AC Charger \nversion \n\n3.75.0 contains a vulnerability that \ncould enable an attacker to access files containing sensitive \ninformation, such as credentials which could be used to further \ncompromise the device."
}
],
"value": "Vestel AC Charger \nversion \n\n3.75.0 contains a vulnerability that \ncould enable an attacker to access files containing sensitive \ninformation, such as credentials which could be used to further \ncompromise the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T23:15:52.975Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03"
},
{
"url": "https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media\u0026token=8201f299-5014-4720-9200-f1b335736ac1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version.\u003cbr\u003e"
}
],
"value": "Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version."
}
],
"source": {
"advisory": "ICSA-25-114-03",
"discovery": "EXTERNAL"
},
"title": "Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAvoid using open network:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse secure methods like virtual private networks (VPNs) for remote \naccess. Regularly update VPNs to their latest versions and ensure that \nconnected devices maintain strong security measures.\u003c/li\u003e\n\u003cli\u003eReduce network exposure for applications and endpoints. Only make \nthem accessible via the Internet if specifically designed for and \nrequired by their intended use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLogin Credentials Management:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eForce end user to revise the factory default set username and password of webconfig page.\u003c/li\u003e\n\u003cli\u003eRemove any printed documents such as installation guide, instruction\n book, quick start guide from web where login credentials are featured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease refer to Vestel\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media\u0026amp;token=8201f299-5014-4720-9200-f1b335736ac1\"\u003eadvisory\u003c/a\u003e for more information.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Avoid using open network:\n\n\n\n * Use secure methods like virtual private networks (VPNs) for remote \naccess. Regularly update VPNs to their latest versions and ensure that \nconnected devices maintain strong security measures.\n\n * Reduce network exposure for applications and endpoints. Only make \nthem accessible via the Internet if specifically designed for and \nrequired by their intended use.\n\n\n\n\nLogin Credentials Management:\n\n\n\n * Force end user to revise the factory default set username and password of webconfig page.\n\n * Remove any printed documents such as installation guide, instruction\n book, quick start guide from web where login credentials are featured.\n\n\n\n\nPlease refer to Vestel\u0027s advisory https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-3606",
"datePublished": "2025-04-24T23:15:52.975Z",
"dateReserved": "2025-04-14T19:44:14.176Z",
"dateUpdated": "2025-04-25T16:02:38.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8997 (GCVE-0-2024-8997)
Vulnerability from cvelistv5 – Published: 2025-03-18 13:46 – Updated: 2025-06-27 09:16
Title
SQLi in Vestel's EVC04 Configuration Interface
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Vestel | EVC04 Configuration Interface | Affected: 0, < V3.187, V4.53 (custom) |
Credits
Omer Fatih YEGIN
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:56:01.156681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:56:06.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "EVC04 Configuration Interface",
"vendor": "Vestel",
"versions": [
{
"lessThan": "V3.187, V4.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Omer Fatih YEGIN"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.\u003cp\u003eThis issue affects EVC04 Configuration Interface: before V3.187, V4.53.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T09:16:16.237Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0070"
}
],
"source": {
"advisory": "TR-25-0070",
"defect": [
"TR-25-0070"
],
"discovery": "UNKNOWN"
},
"title": "SQLi in Vestel\u0027s EVC04 Configuration Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-8997",
"datePublished": "2025-03-18T13:46:23.242Z",
"dateReserved": "2024-09-19T10:58:49.660Z",
"dateUpdated": "2025-06-27T09:16:16.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}