HIGH🇬🇧 English

CVE-2025-5748

CVSS 8.0v3.0pub. 2025-06-06upd. 2025-08-14

WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Wolfbox Level 2 Ev Charger

    HW
    Wolfbox
    wszystkie wersje
  • Wolfbox Level 2 Ev Charger Firmware

    OS
    Wolfbox
    3.1.17
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-5747HIGH8.0ten sam produkt

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability....

CVE-2025-5749HIGH8.8ten sam produkt

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. Thi...

CVE-2025-5750HIGH8.8ten sam produkt

WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Executi...

CVE-2025-5751MEDIUM6.8ten sam produkt

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vu...