CVE-2025-48415

Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations

CVSS 6.2 MEDIUMEPSS 0.2%CWE-749

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 may 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Productos afectados

eCharge Hardy Barth · cPH2 / cPP2 charging stations

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2025/May/23 https://r.sec-consult.com/echarge