Command Injection Vulnerability in eCharge Hardy Barth cPH2 by Hardy Barth
CVE-2025-3882

8.8HIGH

Key Information:

Status
Vendor
CVE Published:
22 May 2025

What is CVE-2025-3882?

A significant vulnerability exists in the eCharge Hardy Barth cPH2 charging stations that allows network-adjacent attackers to exploit the 'dest' parameter in the nwcheckexec.php endpoint for remote code execution. Due to insufficient validation of user-supplied input, attackers can execute arbitrary code in the context of the 'www-data' user, compromising the security of the affected installations. Notably, this exploitation does not require user authentication, elevating the risk for affected systems.

Affected Version(s)

cPH2 2.0.4

References

CVSS V3.0

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.