CVE-2020-8006

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/", "name": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/", "tags": ["Product"], "refsource": ""}, {"url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/", "name": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/", "tags": ["Product"], "refsource": ""}, {"url": "https://seclists.org/fulldisclosure/2024/Mar/33", "name": "https://seclists.org/fulldisclosure/2024/Mar/33", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://seclists.org/fulldisclosure/2024/Mar/33", "name": "https://seclists.org/fulldisclosure/2024/Mar/33", "tags": ["Mailing List"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-8006", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2024-04-12T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:circontrol:raption_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.11.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-17T21:01Z"}