CVE-2025-27803

Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations

CVSS 6.5 MEDIUMEPSS 0.4%CWE-306

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 may 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Productos afectados

eCharge Hardy Barth · cPH2 / cPP2 charging stations

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2025/May/23 https://r.sec-consult.com/echarge