CVE-2025-5747 — HIGH (8.0) — White Hats Nepal

Vulnerability Description

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wolfbox	Level 2 Ev Charger Firmware	3.1.17
Wolfbox	Level 2 Ev Charger	-

Related Weaknesses (CWE)

CWE-115

References

https://www.zerodayinitiative.com/advisories/ZDI-25-326/Third Party Advisory

FAQ

What is CVE-2025-5747?

CVE-2025-5747 is a vulnerability with a CVSS score of 8.0 (HIGH). WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affecte...

How severe is CVE-2025-5747?

CVE-2025-5747 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-5747?

Check the references section above for vendor advisories and patch information. Affected products include: Wolfbox Level 2 Ev Charger Firmware, Wolfbox Level 2 Ev Charger.