{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T22:19:19.588","vulnerabilities":[{"cve":{"id":"CVE-2024-5684","sourceIdentifier":"cve@asrg.io","published":"2024-06-06T13:15:32.027","lastModified":"2024-11-21T09:48:09.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."},{"lang":"es","value":"Un atacante con acceso a la red privada (a la que está conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementación defectuosa de la librería JWT para omitir la autenticación de contraseña en la interfaz de configuración web y luego tener acceso completo como lo habría hecho el usuario. Sin embargo, un atacante no tendrá derechos de desarrollador ni de administrador. Si la implementación de la librería JWT está configurada incorrectamente para aceptar algoritmos \"ninguno\", el servidor pasará JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticación."}],"metrics":{"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*","matchCriteriaId":"7EC6FAEB-299C-4B80-86DC-DCF360112634"},{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*","matchCriteriaId":"38C5905C-1F7A-4747-8983-F40270C34A17"},{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*","matchCriteriaId":"25691151-74B1-4B0D-BFDD-AE683B5C50C1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*","matchCriteriaId":"96237641-90A5-4382-96DF-52A7BDAC1F81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*","matchCriteriaId":"1977125C-AF1C-41EF-86A1-CF4549F22EF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*","matchCriteriaId":"2F73F41A-6D43-4743-A8F2-F13A2C351AAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*","matchCriteriaId":"2A391298-4342-4A2D-B16B-77AC8FDD09F9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"E2DBD3C1-5775-474D-BAD0-A1775DC80326"}]}]}],"references":[{"url":"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/","source":"cve@asrg.io","tags":["Third Party Advisory"]},{"url":"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}