11 matches found
CVE-2025-3881
eCharge Hardy Barth cPH2 checkreq.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this...
CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations
The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...
CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations
The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...
CVE-2025-48417
The CVE-2025-48417 entry concerns hard-coded TLS certificates and private keys in the firmware of eCharge Hardy Barth cPH2 and cPP2 charging stations. The web interface (port 443) uses files in /etc/ssl (e.g., salia.local.crt, salia.local.key, salia.local.pem) and there is no option to upload or ...
CVE-2025-48416 Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be...
CVE-2025-48416
CVE-2025-48416 describes a vulnerability in an OpenSSH daemon where a hard-coded entry for root exists in the firmware image’s /etc/shadow. Despite PermitRootLogin being disabled by default, the credential can be bypassed or altered through multiple paths, enabling potential unauthorized root acc...
CVE-2025-48413 Hard-coded OS root credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations
The /etc/passwd and /etc/shadow files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device...
CVE-2025-48413
CVE-2025-48413 affects the eCharge Hardy Barth cPH2 and cPP2 charging stations. The root cause is hard-coded password hashes stored in the system files /etc/passwd and /etc/shadow that are shipped with update files. This allows an attacker to log into the device, potentially via an SSH backdoor o...
CVE-2025-27804 OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions...
CVE-2025-27804
CVE-2025-27804 affects eCharge Hardy Barth cPH2 and cPP2 charging stations. The vulnerability stems from multiple OS command injections in the device firmware, specifically via the /var/salia/mqtt.php script. When a specially crafted MQTT message is published to a certain topic, arbitrary OS comm...
CVE-2025-27803 Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access ...