cbcvebase.

Hardy-Barth Cph2 Echarge Firmware vulnerabilities

7 known vulnerabilities affecting hardy-barth/cph2_echarge_firmware.

Total CVEs
7
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH5

Vulnerabilities

Page 1 of 1
CVE-2023-46359P1CRITICALCVSS 9.8PoC≤ 1.87.02024-02-06
CVE-2023-46359 [CRITICAL] CWE-78 CVE-2023-46359: An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, m An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.
nvd
CVE-2023-46360P2HIGHCVSS 8.8PoC≤ 1.87.02024-02-06
CVE-2023-46360 [HIGH] CWE-250 CVE-2023-46360: Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.
nvd
CVE-2024-11666P2CRITICALCVSS 9.8≤ 2.0.42024-11-24
CVE-2024-11666 [CRITICAL] CWE-345 CVE-2024-11666: Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can
nvd
CVE-2025-3881P2HIGHCVSS 8.8v2.0.42025-05-22
CVE-2025-3881 [HIGH] CWE-78 CVE-2025-3881: eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. Th eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin
nvd
CVE-2025-3882P2HIGHCVSS 8.8v2.0.42025-05-22
CVE-2025-3882 [HIGH] CWE-78 CVE-2025-3882: eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hand
nvd
CVE-2025-3883P2HIGHCVSS 8.8v2.0.42025-05-22
CVE-2025-3883 [HIGH] CWE-78 CVE-2025-3883: eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulne eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET
nvd
CVE-2024-11665P3HIGHCVSS 8.8≤ 2.0.42024-11-24
CVE-2024-11665 [HIGH] CWE-77 CVE-2024-11665: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.
nvd
Hardy-Barth Cph2 Echarge Firmware vulnerabilities | cvebase