CVE-2025-48415

Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations

CVSS 6.2 MEDIUMEPSS 0.2%CWE-749

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

21 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

eCharge Hardy Barth · cPH2 / cPP2 charging stations

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2025/May/23 https://r.sec-consult.com/echarge