Command Injection Vulnerability in eCharge Hardy Barth cPH2 by Hardy Barth
CVE-2025-3882
8.8HIGH
What is CVE-2025-3882?
A significant vulnerability exists in the eCharge Hardy Barth cPH2 charging stations that allows network-adjacent attackers to exploit the 'dest' parameter in the nwcheckexec.php endpoint for remote code execution. Due to insufficient validation of user-supplied input, attackers can execute arbitrary code in the context of the 'www-data' user, compromising the security of the affected installations. Notably, this exploitation does not require user authentication, elevating the risk for affected systems.
Affected Version(s)
cPH2 2.0.4