Primary

Context

WOLFBOX Level 2 EV Charger Command Parsing Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in WOLFBOX Level 2 EV Charger devices. This issue arises from a misinterpretation of input in the command frames received by the microcontroller (MCU). The flaw occurs because the frame parsing process fails to accurately detect the beginning of a frame, leading to incorrect interpretation of the data. Exploitation of this vulnerability requires authentication and can be combined with other vulnerabilities to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected EV charger devices.

Remediation

The recommended mitigation strategy is to restrict interaction with the affected product.

Added: Jun 6, 2025, 4:28 PM

Updated: Jun 6, 2025, 4:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WOLFBOX Level 2 EV Charger Command Parsing Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating