CVE-2025-5751
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-08-14
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfbox | level_2_ev_charger_firmware | 3.1.17 |
| wolfbox | level_2_ev_charger | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects WOLFBOX Level 2 EV Charger management cards and allows attackers who are physically present to bypass authentication. The flaw exists because the management cards lack personalization, meaning no unique credentials are required to access the system. As a result, an attacker can gain unauthorized access to the charger's management system without needing any credentials. [1]
How can this vulnerability impact me? :
The vulnerability allows an attacker with physical access to bypass authentication and gain unauthorized access to the management system of the WOLFBOX Level 2 EV Charger. This can lead to high integrity impact, meaning the attacker could potentially alter or manipulate the charger's management settings or operations. However, it does not impact confidentiality or availability. [1]
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability allows authentication bypass via management cards that lack personalization and requires physical presence, immediate mitigation steps include restricting physical access to the WOLFBOX Level 2 EV Charger management cards and devices. Monitor and control who can access the chargers physically to prevent exploitation. Additionally, consider implementing compensating controls such as network segmentation or physical security enhancements until an official patch or update is available. [1]