{“lastseen”:””,”description”:”WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.”,”published”:”2026-01-05T15:39:19.710Z”,”modified”:”2026-01-05T15:39:19.710Z”,”type”:”cve”,”title”:”CVE-2025-14346″,”source”:”icscert”,”references”:”https:\/\/www.cisa.gov\/news-events\/ics-medical-advisories\/icsma-25-364-01″,”id”:”CVE-2025-14346″,”bulletinFamily”:””,”cwe”:[“CWE-306″],”cvelist”:null,”sourceData”:”WHILL Model C2 Electric Wheelchair all\\nWHILL Model F Power Chair all”,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Model C2 Electric Wheelchair, Model F Power Chair”,”version”:”all”,”vendor”:”WHILL”,”ai_description”:”Unauthenticated Bluetooth connection vulnerability allowing movement command manipulation and configuration override”,”ai_severity”:”Critical”,”ai_vendor”:”WHILL”,”ai_product”:”Model C2 Electric Wheelchair, Model F Power Chair”,”ai_version”:”all”,”ai_score”:9.8}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,35,12,13,7,11,5],"class_list":["post-33995","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n