Lucene search
+L

11 matches found

OSV
OSV
added 2025/05/22 1:15 a.m.5 views

CVE-2025-3881

eCharge Hardy Barth cPH2 checkreq.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this...

8.8CVSS6.2AI score0.00789EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/21 12:30 p.m.7 views

CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations

The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

7.1AI score0.00197EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/21 12:30 p.m.24 views

CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations

The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

0.00197EPSS
Exploits1References1
CVE
CVE
added 2025/05/21 12:30 p.m.56 views

CVE-2025-48417

The CVE-2025-48417 entry concerns hard-coded TLS certificates and private keys in the firmware of eCharge Hardy Barth cPH2 and cPP2 charging stations. The web interface (port 443) uses files in /etc/ssl (e.g., salia.local.crt, salia.local.key, salia.local.pem) and there is no option to upload or ...

6.5CVSS6.5AI score0.00197EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/21 12:15 p.m.22 views

CVE-2025-48416 Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations

An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be...

0.00519EPSS
Exploits1References1
CVE
CVE
added 2025/05/21 12:15 p.m.64 views

CVE-2025-48416

CVE-2025-48416 describes a vulnerability in an OpenSSH daemon where a hard-coded entry for root exists in the firmware image’s /etc/shadow. Despite PermitRootLogin being disabled by default, the credential can be bypassed or altered through multiple paths, enabling potential unauthorized root acc...

8.1CVSS6.8AI score0.00519EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/21 11:39 a.m.25 views

CVE-2025-48413 Hard-coded OS root credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations

The /etc/passwd and /etc/shadow files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device...

0.00216EPSS
Exploits1References1
CVE
CVE
added 2025/05/21 11:39 a.m.50 views

CVE-2025-48413

CVE-2025-48413 affects the eCharge Hardy Barth cPH2 and cPP2 charging stations. The root cause is hard-coded password hashes stored in the system files /etc/passwd and /etc/shadow that are shipped with update files. This allows an attacker to log into the device, potentially via an SSH backdoor o...

7.7CVSS6.6AI score0.00216EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/21 11:35 a.m.5 views

CVE-2025-27804 OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions...

7.1AI score0.00962EPSS
Exploits1References1
CVE
CVE
added 2025/05/21 11:35 a.m.47 views

CVE-2025-27804

CVE-2025-27804 affects eCharge Hardy Barth cPH2 and cPP2 charging stations. The vulnerability stems from multiple OS command injections in the device firmware, specifically via the /var/salia/mqtt.php script. When a specially crafted MQTT message is published to a certain topic, arbitrary OS comm...

6.5CVSS7.6AI score0.00962EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/21 11:29 a.m.21 views

CVE-2025-27803 Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations

The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access ...

0.00425EPSS
Exploits1References1
Rows per page
Query Builder