Primary

Context

Schneider Electric EVLink WallBox Path Traversal Vulnerability Allowing Arbitrary File Writes

Vulnerability

A path traversal vulnerability has been identified in the Schneider Electric EVLink WallBox, all versions. This vulnerability, categorized as CWE-22, allows an unauthenticated user to manipulate file paths, potentially leading to arbitrary file writes on the web server.

Impact

Exploitation of this vulnerability could result in unauthorized file writes, with potential consequences depending on the nature of the files written.

Remediation

The EVLink WallBox has reached its end of life and is no longer supported. Customers are advised to upgrade to the EVLink Pro AC. For those who continue to use the WallBox, it is recommended to implement network segmentation, block unauthorized access to HTTP ports, choose strong passwords, and change them periodically.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Schneider Electric EVLink WallBox Path Traversal Vulnerability Allowing Arbitrary File Writes

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating