eCharge Hardy Barth Charging Stations OS Backdoor Vulnerability

Vulnerability

A backdoor vulnerability has been identified in eCharge Hardy Barth cPH2 and cPP2 charging stations running firmware version 2.2.0. The vulnerability arises from hard-coded password hashes for the 'root' user, which are included in the update files. This allows an attacker to gain unauthorized access to the device, potentially through an SSH backdoor or physical access via a UART shell.
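
A defensive check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it audits shadow-format files found in an update image and flags accounts that ship with a usable static password hash. It assumes the update file has already been unpacked to a directory; the sample entries and function names are constructed for illustration.

```python
import os

# Hash-field prefixes that mean "no password login possible" in shadow(5).
LOCK_PREFIXES = ("!", "*")

def audit_shadow_text(text):
    """Return (line, user, reason) for entries that allow password login."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a shadow-format entry
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((lineno, user, "empty password"))
        elif pw.startswith(LOCK_PREFIXES):
            continue  # locked account or no valid hash
        else:
            # crypt(3) modular format is $id$salt$hash; anything else is legacy.
            modular = pw.startswith("$") and pw.count("$") >= 2
            scheme = pw.split("$")[1] if modular else "legacy/unknown"
            findings.append((lineno, user, f"static hash (scheme id {scheme})"))
    return findings

def audit_tree(root):
    """Walk an unpacked update image and audit every file named like shadow."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in ("shadow", "shadow-"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = audit_shadow_text(fh.read())
                if hits:
                    results[path] = hits
    return results

# Constructed sample entries, not taken from the vendor's firmware.
SAMPLE = """root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
sshd:!:19000:0:99999:7:::
service::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for lineno, user, reason in audit_shadow_text(SAMPLE):
        print(f"line {lineno}: {user}: {reason}")
```

A finding for 'root' in a vendor-supplied image means every device flashed from that image shares the same credential, which is the condition this advisory describes.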

Impact

Exploitation of this vulnerability allows for unauthorized access to the device with root privileges, enabling an attacker to execute arbitrary commands, access sensitive data, and manipulate the device's configuration. This backdoor access can disrupt operations and compromise the security of the EV charging infrastructure.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.7
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.