CVE-2025-27803

Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations

CVSS 6.5 MEDIUMEPSS 0.4%CWE-306

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

21 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products

eCharge Hardy Barth · cPH2 / cPP2 charging stations

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2025/May/23 https://r.sec-consult.com/echarge