CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

May 22, 2025

CVE ID : CVE-2025-3881

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

Next Article CVE-2025-3480 – MedDream WEB DICOM Viewer Information Disclosure (Cleartext Transmission of Credentials)

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

10 Top React.js Development Service Providers For Your Next Project In 2026

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

A million customer conversations with AI agents yielded this surprising lesson

Bookworms: Don’t skip this Kindle Paperwhite Essentials bundle that’s on sale

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

Keyboard Testing in Accessibility Testing

Keyboard Testing in Accessibility Testing

Implementation of Custom Tables in Optimizely Configured Commerce

Token Limit – Monitor token usage in AI context files

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

dano – hashdeep/md5tree for media files

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

CVE-2025-20694 – Intel Bluetooth Denial of Service Vulnerability

CVE-2025-20693 – Intel Wireless LAN STA Driver Out-of-Bounds Read Information Disclosure Vulnerability

I replaced my Kindle with an iPad Mini as my ebook reader – 8 reasons why I don’t regret it

Our latest advances in robot dexterity

CVE-2025-20979 – Android libsavscmn Out-of-Bounds Write Arbitrary Code Execution

T* and LV-Haystack: A Spatially-Guided Temporal Search Framework for Efficient Long-Form Video Understanding

CVE-2025-1329 – IBM CICS TX DNS Rebinding Vulnerability

CVE-2025-49866 – Nikel Beautiful Cookie Consent Banner Cross-site Scripting

Google Earth just made time travel easier – here’s how to visit the old neighborhood

Everything coming to Call of Duty: Black Ops 6 multiplayer with Season 3

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

Related Posts