CVE-2025-5747 in Level 2 EV Chargerinfo

Summary

by MITRE • 06/06/2025

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 08/14/2025

The CVE-2025-5747 vulnerability represents a critical command parsing flaw in WOLFBOX Level 2 EV Charger devices that exposes organizations to significant remote execution risks. This vulnerability specifically targets the Microcontroller Unit (MCU) component responsible for processing command frames within the charging infrastructure. The flaw stems from inadequate frame start detection mechanisms during input processing, creating a pathway for malicious actors to manipulate command sequences and potentially compromise the entire charging ecosystem. The vulnerability's classification as a remote code execution issue indicates that attackers can gain unauthorized control over device operations without physical access, making it particularly dangerous for commercial and residential charging installations. The requirement for authentication to exploit this vulnerability suggests that while it may be more difficult to leverage than fully unauthenticated exploits, it still represents a serious security gap that could be exploited by compromised credentials or social engineering attacks.

The technical implementation of this vulnerability demonstrates a fundamental flaw in input validation and frame parsing logic within the MCU firmware. When the system receives command frames, the parsing routine fails to properly identify frame boundaries, allowing attackers to inject malicious data that gets misinterpreted as legitimate commands. This misinterpretation can occur when the start-of-frame detection mechanism is bypassed or confused by specially crafted input sequences. The vulnerability's exploitation requires an attacker to be network-adjacent to the target device, meaning they must be on the same network segment or have access to the communication channel used by the EV charger. This adjacency requirement reduces the attack surface compared to fully remote vulnerabilities but still leaves installations vulnerable in environments where network segmentation is inadequate or compromised. The vulnerability's relationship to ZDI-CAN-26501 indicates it was previously identified and tracked by the Zero Day Initiative, highlighting its significance in the cybersecurity community and the need for immediate remediation.

The operational impact of CVE-2025-5747 extends beyond simple code execution, potentially enabling attackers to manipulate charging parameters, disrupt service availability, or even cause physical damage to charging infrastructure. Organizations deploying WOLFBOX Level 2 EV Chargers face risks including unauthorized charging sessions, data exfiltration from connected systems, and potential service interruption for legitimate users. The vulnerability could be particularly damaging in commercial settings where charging stations serve multiple users and generate revenue, as attackers might manipulate billing systems or disable charging capabilities to extort payments. The remote code execution capability also opens possibilities for attackers to establish persistent access points within networks, potentially using the compromised charging device as a foothold for broader attacks. This vulnerability directly impacts the security posture of electric vehicle infrastructure and highlights the critical need for robust firmware security in IoT devices. The issue aligns with CWE-129, which covers improper validation of input boundaries, and may also relate to CWE-78, concerning OS command injection, depending on how the command parsing is implemented within the device firmware.

Mitigation strategies for CVE-2025-5747 should prioritize immediate firmware updates from WOLFBOX to address the command parsing flaw. Organizations must implement network segmentation to isolate charging infrastructure from critical business systems, reducing the potential impact of successful exploitation. Access controls should be strengthened through multi-factor authentication for administrative access to charging systems, and network monitoring should be enhanced to detect anomalous command sequences. Regular security assessments of charging infrastructure should include vulnerability scanning and penetration testing to identify similar issues in other IoT devices. The remediation approach should follow NIST SP 800-53 security controls, particularly those related to system and communications protection, to ensure comprehensive defense against similar vulnerabilities. Additionally, implementing network access controls such as firewalls and intrusion detection systems can help prevent unauthorized access to charging device management interfaces, while regular security audits should verify that authentication mechanisms remain robust against credential-based attacks. Organizations should also consider implementing device integrity monitoring to detect unauthorized firmware modifications that could exploit this vulnerability or similar issues.

Responsible

Zdi

Reservation

06/05/2025

Disclosure

06/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00360

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!