eCharge Hardy Barth USB Backdoor Vulnerability Allowing OS Command Execution

Vulnerability

A USB backdoor vulnerability has been identified in eCharge Hardy Barth cPH2 and cPP2 charging stations, specifically in version 2.2.0. This vulnerability can be exploited by attaching a USB drive containing specially crafted 'salia.ini' files. These .ini files can include various 'commands' that an attacker could use to export or modify the device configuration, enable an SSH backdoor, or perform other administrative actions. Ultimately, this backdoor allows for arbitrary execution of operating system commands.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of device settings, activation of backdoor access via SSH, and execution of arbitrary commands on the operating system, potentially compromising the device's integrity and functionality.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.8

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.8

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

eCharge Hardy Barth USB Backdoor Vulnerability Allowing OS Command Execution

Vulnerability

Impact

Affected Products

eCharge Hardy Barth cPH2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating