CVE-2025-48416
Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
eCharge Hardy Barth · cPH2 / cPP2 charging stationsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →