Back to search
CVE-2025-27803
Published: May 21, 2025
Modified: Nov 3, 2025
PUBLISHED
Description
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.
| Vendor | Product | Versions |
|---|---|---|
eCharge Hardy Barth | cPH2 / cPP2 charging stations | affected <=2.2.0 |
Weaknesses (CWE)
References
https://r.sec-consult.com/echarge
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now