CVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3882

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3484 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

Next Article CVE-2025-3881 – eCharge Hardy Barth cPH2 NTP Command Injection Remote Code Execution

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Google DeepMind’s CEO says Gemini’s upgrades could lead to AGI — but he still thinks society isn’t “ready for it”

Windows 11 is getting AI Actions in File Explorer — here’s how to try them right now

Is The Alters on Game Pass?

I asked Copilot’s AI to predict the outcome of the Europa League final, and now I’m just sad

Celebrating GAAD by Committing to Universal Design: Equitable Use

Celebrating GAAD by Committing to Universal Design: Equitable Use

GAAD and Universal Design in Healthcare – A Deeper Look

GAAD and Universal Design in Pharmacy – A Deeper Look

Google DeepMind’s CEO says Gemini’s upgrades could lead to AGI — but he still thinks society isn’t “ready for it”

Google DeepMind’s CEO says Gemini’s upgrades could lead to AGI — but he still thinks society isn’t “ready for it”

Windows 11 is getting AI Actions in File Explorer — here’s how to try them right now

Is The Alters on Game Pass?

CVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4094 – “Acunetix DIGITS WordPress OTP Brute Force Vulnerability”

I use this cheap Android tablet more than my iPad Pro – and it costs a fraction of the price

Rilasciata Ubuntu 25.04 “Plucky Puffin”: Arriva con GNOME 48 e kernel Linux 6.14

Exploring Astro: The Future of Web Development with Server Islands

How Iterate.ai uses Amazon MemoryDB to accelerate and cost-optimize their workforce management conversational AI agent

“Create a replica of this image. Don’t change anything” AI trend takes off

What’s your next mountain?

Arc browser lets you control individual site settings. Here’s why I love this feature

Mobile security: flaw allows hackers to read texts and listen to calls

CVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

Related Posts