CVE-2025-27804
OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
eCharge Hardy Barth · cPH2 / cPP2 charging stationsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →