System logs could be accessed through web management application due to a lack of access control.

An attacker can obtain the following sensitive information:

• Wi-Fi access point credentials to which the EV charger can connect.

• APN web address and credentials.

• IPSEC credentials.

• Web interface access credentials for user and admin accounts.

• JuiceBox system components (software installed, model, firmware version, etc.).

• C2G configuration details.

• Internal IP addresses.

• OTA firmware update configurations (DNS servers).

All the credentials are stored in logs in an unencrypted plaintext format.