CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

May 22, 2025

CVE ID : CVE-2025-3883

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3885 – Harman Becker MGU21 Bluetooth Denial-of-Service Vulnerability

Next Article CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Hate Windows 11? Windows 10’s extended updates Enroll button is slowly rolling out, says Microsoft

Firefox Web App Support Available to Test (on Windows, At Least)

CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-9379 – “Belkin AX1800 Firmware Update Handler Remote Authentication Bypass”

CVE-2025-6794 – Marvell QConvergeConsole Directory Traversal Remote Code Execution Vulnerability

CISA Adds Zimbra Vulnerability CVE-2019-9621 to KEV Catalog

This super simple Android Contacts update solves a problem we’ve all had

CVE-2025-4099 – WordPress List Children Plugin Stored Cross-Site Scripting Vulnerability

Amazon Gaming Week is LIVE — 7 hand-picked deals with price-busting competitors that you can’t miss!

FloQast builds an AI-powered accounting transformation solution with Anthropic’s Claude 3 on Amazon Bedrock

CVE-2025-6109 – Javahongxi Whatsmars Remote Path Traversal Vulnerability

CVE-2025-50057 – RSFiles! Denial of Service (DOS) Vulnerability

CVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

Related Posts