HIGH🇵🇱 Wersja polska

CVE-2025-5747

CVSS 8.0v3.0pub. 2025-06-06upd. 2025-08-14

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.

CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Wolfbox Level 2 Ev Charger

    HW
    Wolfbox
    wszystkie wersje
  • Wolfbox Level 2 Ev Charger Firmware

    OS
    Wolfbox
    3.1.17
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-5748HIGH8.0ten sam produkt

WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerab...

CVE-2025-5749HIGH8.8ten sam produkt

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. Thi...

CVE-2025-5750HIGH8.8ten sam produkt

WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Executi...

CVE-2025-5751MEDIUM6.8ten sam produkt

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vu...