CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5751 |
Description: WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292.
CVSS: MEDIUM (4.6) EPSS Score: 0.03% SSVC Exploitation: none
June 6th, 2025 (29 days ago)
|
|
CVE-2025-5750 |
Description: WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.
CVSS: HIGH (8.8) EPSS Score: 0.09% SSVC Exploitation: none
June 6th, 2025 (29 days ago)
|
|
CVE-2025-5749 |
Description: WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295.
CVSS: MEDIUM (6.3) EPSS Score: 0.02% SSVC Exploitation: none
June 6th, 2025 (29 days ago)
|
|
CVE-2025-5748 |
Description: WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.
CVSS: HIGH (8.0) EPSS Score: 0.17% SSVC Exploitation: none
June 6th, 2025 (29 days ago)
|
|
CVE-2025-5747 |
Description: WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
CVSS: HIGH (8.0) EPSS Score: 0.18% SSVC Exploitation: none
June 6th, 2025 (29 days ago)
|
|
CVE-2025-33035 |
Description: A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4847 and later
CVSS: HIGH (7.2) EPSS Score: 0.14%
June 6th, 2025 (29 days ago)
|
|
CVE-2025-33031 |
Description: An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4847 and later
CVSS: HIGH (8.3) EPSS Score: 0.06%
June 6th, 2025 (29 days ago)
|
|
CVE-2025-30279 |
Description: An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4847 and later
CVSS: HIGH (8.3) EPSS Score: 0.06%
June 6th, 2025 (29 days ago)
|
|
CVE-2025-29892 |
Description: An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
CVSS: HIGH (8.7) EPSS Score: 0.08%
June 6th, 2025 (29 days ago)
|
|
CVE-2025-29885 |
Description: An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
File Station 5 5.5.6.4791 and later
and later
CVSS: HIGH (8.3) EPSS Score: 0.05%
June 6th, 2025 (29 days ago)
|