Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://r.sec-consult.com/echarge |
![]() ![]() |
History
Wed, 21 May 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Wed, 21 May 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions. | |
Title | OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations | |
Weaknesses | CWE-78 | |
References |
|

Status: PUBLISHED
Assigner: SEC-VLab
Published: 2025-05-21T11:35:11.940Z
Updated: 2025-05-21T16:21:30.810Z
Reserved: 2025-03-07T06:46:34.309Z
Link: CVE-2025-27804

Updated: 2025-05-21T16:21:24.876Z

Status : Awaiting Analysis
Published: 2025-05-21T12:16:21.283
Modified: 2025-05-21T20:24:58.133
Link: CVE-2025-27804

No data.