CVE-2025-5748 in Level 2 EV Chargerinfo

Summary

by MITRE • 06/06/2025

WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/14/2025

The CVE-2025-5748 vulnerability represents a critical remote code execution flaw in WOLFBOX Level 2 EV Chargers that operates through the Tuya communications module software. This vulnerability specifically targets the device's over-the-air update mechanism, creating an attack surface that allows malicious actors to upload and execute arbitrary code on the affected hardware. The flaw exists within the network communication protocols that govern how the device handles firmware updates and software image transfers, making it particularly dangerous for connected electric vehicle charging infrastructure.

The technical implementation of this vulnerability stems from improper access controls within the Tuya module's software architecture, where a dangerous method remains exposed to network-adjacent attackers. This exposure occurs despite the system requiring authentication for exploitation, as the existing authentication mechanism contains a critical flaw that can be bypassed through well-known credential manipulation techniques. The vulnerability allows attackers to upload crafted software images that can execute code with the privileges of the device's operating system, effectively granting them complete control over the charging station's functionality and potentially compromising the broader network infrastructure it connects to.

From an operational perspective, this vulnerability poses significant risks to electric vehicle charging networks and their operators. The attack surface extends beyond individual devices to potentially affect entire charging station deployments, especially when multiple units share similar communication protocols and firmware versions. The fact that authentication can be bypassed means that attackers do not require legitimate credentials to exploit the vulnerability, making it particularly attractive for automated attacks. Network-adjacent attackers can leverage this flaw to gain persistent access to charging infrastructure, potentially leading to service disruption, unauthorized charging sessions, or even physical security breaches of the charging station locations.

The vulnerability aligns with CWE-284, which addresses improper access control in software systems, and demonstrates how weak authentication mechanisms combined with exposed administrative functions create dangerous attack vectors. This flaw also maps to ATT&CK technique T1059.007 for command and scripting interpreter, as successful exploitation would allow attackers to execute arbitrary commands on the device. Organizations should implement immediate mitigations including network segmentation to isolate charging infrastructure, disabling unnecessary remote access features, and deploying network monitoring solutions to detect anomalous firmware update activities. Additionally, regular firmware updates from the vendor, though potentially delayed due to the nature of this vulnerability, should be prioritized alongside comprehensive vulnerability assessments of the entire charging network ecosystem to prevent exploitation and maintain operational security.

Responsible

Zdi

Reservation

06/05/2025

Disclosure

06/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00382

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!