In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Credits
Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE.
