CVE Details
Basic Information
| Title |
CVE-2025-48416 Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations |
| Type |
cve |
| Published |
2025-05-21T12:15:02 |
| Last Seen |
2025-05-21T12:44:34 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
The vulnerability involves a backdoor in the SSH service of eCharge Hardy Barth cPH2 / cPP2 charging stations, allowing unauthorized access to the root user account. The default SSH configuration disables root login, but the hard-coded credentials in the /etc/shadow file can be exploited if the configuration is changed or if other vulnerabilities are present. |
| AI Severity |
High |
| Vendor |
eCharge Hardy Barth |
| Product |
cPH2 / cPP2 charging stations |
| Affected Version |
|
Additional Information
| CVE List |
CVE-2025-48416 |
| CWE List |
CWE-912 |
| Bulletin Family |
cve |
Description
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled,…
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
