Remote Code Execution Vulnerability in WOLFBOX Level 2 EV Charger by Tuya
CVE-2025-5748

8HIGH

Key Information:

Vendor

Wolfbox

Status
Level 2 Ev Charger
Vendor
CVE Published:
6 June 2025

What is CVE-2025-5748?

CVE-2025-5748 is a critical vulnerability found in the WOLFBOX Level 2 EV Charger, which is powered by Tuya software. This charger is designed to provide efficient electric vehicle charging solutions for home and commercial use. The vulnerability stems from a dangerous method exposed in the charger’s LAN OTA (Over-The-Air) update mechanism, allowing network-adjacent attackers to potentially execute arbitrary code on the device. Although the vulnerability requires authentication to be successfully exploited, the method for authentication can be bypassed, making it particularly concerning for organizations that rely on these chargers.

If exploited, CVE-2025-5748 could allow attackers to upload malicious software images to the device, executing code within its context. This could lead to unauthorized control over the charger, posing risks not only to the operation of the EV charger but possibly compromising the broader network it connects to. The implications of such access could severely affect the integrity and security of connected systems, especially in environments where EV chargers are integrated into larger infrastructure.

Potential impact of CVE-2025-5748

  1. Unauthorized Remote Code Execution: The critical nature of this vulnerability allows an attacker to execute arbitrary code on the affected charging device. This could lead to severe operational disruptions, as the attacker could manipulate charging operations or gain control of the device for malicious purposes.

  2. Bypassing Authentication: The vulnerability enables the circumvention of existing authentication mechanisms, which typically protect the device from unauthorized access. This flaw significantly weakens the security posture of the WOLFBOX Level 2 EV Charger, increasing the risk of exploitation by threat actors.

  3. Network Compromise: Given that the EV charger is network-adjacent, an attacker can leverage this vulnerability not just to manipulate the charger, but also to gain a foothold within the organization's broader network. This could lead to unauthorized access to sensitive data, further exploitation of connected devices, and potential escalation of attacks across the entire network infrastructure.

Affected Version(s)

Level 2 EV Charger 3.1.17 (main), 1.2.6 (MCU)

References

https://www.zerodayinitiative.com/advisories/ZDI-25-327/
x_research-advisory

CVSS V3.0

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-5748 : Remote Code Execution Vulnerability in WOLFBOX Level 2 EV Charger by Tuya