WOLFBOX Level 2 EV Charger Authentication Bypass Vulnerability via Uninitialized Variable in BLE Encryption Key Handling
Vulnerability
An authentication bypass vulnerability has been identified in WOLFBOX Level 2 EV Charger devices. The flaw is an uninitialized variable in the handling of cryptographic keys used for vendor-specific encrypted communications. Network-adjacent attackers can exploit it to bypass authentication on affected chargers; no prior authentication is required.
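The bug class described above, as an added illustration in C (not WOLFBOX firmware and not code from the advisory): a receive path that verifies messages with a key buffer nobody initialized, next to a version that zeroes the record and fails closed until a key is installed. The struct, the function names, the stale 0xAA fill and the toy tag function are all assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 16
struct session { uint8_t key[KEY_LEN]; bool key_ready; };  /* hypothetical record */

/* Toy keyed tag (FNV-1a) standing in for a real MAC such as AES-CMAC. */
static uint32_t toy_tag(const uint8_t *key, const uint8_t *msg, size_t n) {
    uint32_t t = 2166136261u;
    for (size_t i = 0; i < KEY_LEN; i++) t = (t ^ key[i]) * 16777619u;
    for (size_t i = 0; i < n; i++) t = (t ^ msg[i]) * 16777619u;
    return t;
}
/* Flawed: verifies with whatever bytes sit in s->key, set or not. */
bool accept_flawed(const struct session *s, const uint8_t *m, size_t n, uint32_t tag) {
    return toy_tag(s->key, m, n) == tag;
}
/* Hardened: zero the record, install a key only after key exchange, fail closed. */
void session_init(struct session *s) { memset(s, 0, sizeof *s); }
void session_set_key(struct session *s, const uint8_t *key) {
    memcpy(s->key, key, KEY_LEN);
    s->key_ready = true;
}
bool accept_hardened(const struct session *s, const uint8_t *m, size_t n, uint32_t tag) {
    if (!s->key_ready) return false;          /* no key yet: reject everything */
    return (toy_tag(s->key, m, n) ^ tag) == 0;
}

/* Constructed scenario: slot memory holds stale 0xAA bytes, no key exchange ran. */
static const uint8_t MSG[] = { 's', 't', 'a', 'r', 't' };
static uint32_t stale_tag(void) {
    uint8_t stale[KEY_LEN];
    memset(stale, 0xAA, sizeof stale);
    return toy_tag(stale, MSG, sizeof MSG);
}
bool flawed_accepts_without_key(void) {
    struct session s;
    memset(&s, 0xAA, sizeof s);               /* models never-initialized memory */
    return accept_flawed(&s, MSG, sizeof MSG, stale_tag());
}
bool hardened_gates_on_key(void) {
    const uint8_t key[KEY_LEN] = { 1, 2, 3 }; /* constructed key */
    struct session s;
    memset(&s, 0xAA, sizeof s);
    session_init(&s);
    bool before = accept_hardened(&s, MSG, sizeof MSG, stale_tag());
    session_set_key(&s, key);
    return !before && accept_hardened(&s, MSG, sizeof MSG, toy_tag(key, MSG, sizeof MSG));
}
int main(void) { return (flawed_accepts_without_key() && hardened_gates_on_key()) ? 0 : 1; }
```

In firmware review, the things to look for are a key or session structure with no explicit initializer and a verify or decrypt path that never checks whether a key was actually established.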
Impact
Exploitation of this vulnerability allows for authentication bypass on the affected EV chargers.
Remediation
The recommended mitigation strategy is to restrict interaction with the affected WOLFBOX Level 2 EV Charger.
