5 matches found
CVE-2025-5747
CVE-2025-5747 affects WOLFBOX Level 2 EV Charger MCU command parsing. The flaw is in how command frames are parsed: the process fails to reliably detect the start of a frame, enabling misinterpretation of input. This can allow network-adjacent attackers to execute arbitrary code within the device...
CVE-2025-5750
CVE-2025-5750 affects WOLFBOX Level 2 EV Charger. The issue is a heap-based buffer overflow in the tuya_svc_devos_activate_result_parse path caused by improper validation of the lengths of secKey, localKey, stdTimeZone, and devId, allowing network-adjacent attackers to execute arbitrary code with...
CVE-2025-5748
CVE-2025-5748 concerns the WOLFBOX Level 2 EV Charger, specifically the Tuya communications module software. The vulnerability arises from the exposure of a method that permits uploading crafted software images to the module, enabling code execution in the device’s context. It is exploitable by n...
CVE-2025-5749
The CVE-2025-5749 issue affects WOLFBOX Level 2 EV Charger devices, specifically the BLE communication path. The root cause is an uninitialized variable in the handling of cryptographic keys used in vendor-specific encrypted communications, enabling authentication bypass for network-adjacent atta...
CVE-2025-5751
The CVE-2025-5751 issue affects WOLFBOX Level 2 EV Charger and stems from the management card handling: lack of personalization enables authentication bypass. Physical access is required to exploit, with no user interaction needed. The vulnerability allows an attacker to bypass authentication on ...