CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

May 22, 2025

CVE ID : CVE-2025-3881

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

Next Article CVE-2025-3480 – MedDream WEB DICOM Viewer Information Disclosure (Cleartext Transmission of Credentials)

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider

Best Crypto Payments Gateways in 2025

Meet Accessible UX Research, A Brand-New Smashing Book

Can GPT-5 fix Apple Intelligence? We’re about to find out

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

Rilasciata Manjaro 25 “Zetar” con GNOME 48, KDE Plasma 6.3 e il kernel Linux 6.12

The Anatomy of an RCE Attack : The Hacker’s Big Score

CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

Related Posts