CVE-2025-27804 OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations

May 21, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-27804 OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations
Type cve
Published 2025-05-21T11:35:11
Last Seen 2025-05-21T12:09:29

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A vulnerability in the firmware of eCharge Hardy Barth cPH2 / cPP2 charging stations allows attackers to execute arbitrary OS commands via a specially crafted MQTT message. This can lead to unauthorized access and control over the charging station.
AI Severity High
Vendor eCharge Hardy Barth
Product cPH2 / cPP2 charging stations
Affected Version

Additional Information

CVE List CVE-2025-27804
CWE List CWE-78
Bulletin Family cve

Description

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands…

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.