CVE-2025-5751 in Level 2 EV Chargerinfo

Summary

by MITRE • 06/06/2025

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/14/2025

The CVE-2025-5751 vulnerability represents a critical authentication bypass flaw in WOLFBOX Level 2 EV Chargers that exposes the management card subsystem to unauthorized access. This vulnerability specifically targets the hardware-level management card component that controls access to the charger's administrative functions and configuration settings. The flaw stems from a fundamental design oversight where management cards are shipped with hard-coded credentials that remain unchanged throughout deployment, creating a persistent security weakness that can be exploited by anyone with physical access to the device. The vulnerability's classification aligns with CWE-798, which addresses the use of hard-coded credentials in software systems, and represents a significant risk to the security posture of electric vehicle charging infrastructure. This type of vulnerability is particularly dangerous because it eliminates the need for network-based exploitation or sophisticated attack vectors, making it accessible to attackers with minimal technical expertise and physical proximity to the target device.

The technical implementation of this vulnerability occurs at the hardware management card level where the system fails to properly personalize authentication credentials during the manufacturing or deployment process. Management cards in affected WOLFBOX chargers are configured with default, static credentials that are publicly documented or easily discoverable through reverse engineering of the device firmware or hardware components. Attackers with physical access can exploit this weakness by simply connecting to the management card interface and using the hard-coded credentials to gain full administrative access to the charger's control systems. This bypass mechanism operates at the authentication layer, allowing attackers to perform critical operations such as modifying charging parameters, accessing user data, disabling security features, or even potentially manipulating the charging process to cause harm to connected electric vehicles. The vulnerability's impact is amplified because it operates at the system level rather than application level, meaning that standard application security controls and network-based protections are ineffective against this type of attack.

The operational impact of CVE-2025-5751 extends beyond simple unauthorized access to encompass potential safety and security risks within electric vehicle charging networks. Attackers who exploit this vulnerability can manipulate charging parameters, potentially causing overcharging incidents that pose fire hazards or battery damage to electric vehicles. The vulnerability also enables attackers to modify access control settings, allowing unauthorized individuals to use charging stations without proper authorization or payment processing. From a network security perspective, this vulnerability creates an attack surface that can serve as a foothold for broader network infiltration, particularly in environments where charging stations are connected to corporate networks or integrated with building management systems. The vulnerability's presence in the management card subsystem also means that attackers could potentially access sensitive data related to charging sessions, user information, payment records, and operational metrics that are typically protected by proper authentication mechanisms. This type of attack aligns with ATT&CK technique T1210, which describes exploitation of remote services, and T1078, which covers valid accounts usage, as attackers can leverage the legitimate management credentials to conduct unauthorized activities.

Organizations and security teams should implement immediate mitigations to address this vulnerability by conducting comprehensive inventory assessments to identify all affected WOLFBOX Level 2 EV Chargers within their infrastructure. The primary remediation strategy involves replacing affected management cards with properly personalized units that contain unique, dynamically generated credentials rather than hard-coded values. Additionally, physical security measures should be enhanced to restrict unauthorized access to charging stations, particularly in public or semi-public locations where attackers could easily approach and exploit the vulnerability. Network segmentation and monitoring should be implemented to detect unauthorized access attempts or unusual activity patterns that may indicate exploitation of this vulnerability. Security professionals should also consider implementing device attestation mechanisms that can verify the authenticity of management cards and detect tampering or unauthorized replacement of components. The vulnerability's resolution should include firmware updates that enforce proper credential generation and management processes, ensuring that future deployments do not inherit the same hard-coded credential issue. This remediation approach addresses both the immediate threat posed by the vulnerability and prevents similar issues from occurring in future deployments of the same or similar charging infrastructure.

Responsible

Zdi

Reservation

06/05/2025

Disclosure

06/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00252

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!