How to fix CVE-2025-5750?

Within 24 hours: Identify and inventory all WOLFBOX Level 2 EV Chargers in your environment and isolate them to restricted network segments. Within 7 days: Implement network-based controls to restrict device communication to trusted hosts only and enable enhanced monitoring for suspicious traffic. Within 30 days: Contact WOLFBOX for patch availability and timeline; prepare deployment procedures and test in non-production environments before full rollout.

Is Level 2 Ev Charger Firmware affected by CVE-2025-5750?

WOLFBOX Level 2 EV Charger installations are vulnerable to unauthenticated remote code execution through a heap buffer overflow, allowing attackers to gain complete control of the device.

CVE-2025-5750

EUVD-2025-17314 HIGH

2025-06-06 [email protected]

8.8

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17314

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 16:15 nvd

HIGH 8.8

Description

WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.

Analysis

Heap-based buffer overflow vulnerability in WOLFBOX Level 2 EV Charger that allows network-adjacent attackers to execute arbitrary code without authentication. The flaw exists in the tuya_svc_devos_activate_result_parse function where insufficient validation of secKey, localKey, stdTimeZone, and devId parameters enables remote code execution. With a CVSS score of 8.8 and network-adjacent attack vector, this represents a critical risk for deployed EV charging infrastructure.

Technical Context

The vulnerability resides in WOLFBOX Level 2 EV Charger's firmware, which implements Tuya IoT platform integration for device management and activation. The tuya_svc_devos_activate_result_parse function processes device activation responses containing sensitive parameters (secKey, localKey, stdTimeZone, devId). The root cause is CWE-122 (Heap-based Buffer Overflow), where user-supplied input lengths are not validated before being copied into fixed-length heap-allocated buffers. This is a classic unsafe string/data handling pattern in embedded systems code, likely C/C++ implementations common in IoT device firmware. The Tuya protocol typically operates on port 6668 for device communication, and this parsing occurs during device activation handshake—a critical phase where device credentials are established. The lack of bounds checking combined with network accessibility creates a direct path to code execution in the device's memory space.

Affected Products

WOLFBOX Level 2 EV Charger (specific version range not disclosed in advisory; presumed multiple firmware versions using vulnerable Tuya SDK). CPE designation likely: cpe:2.3:h:wolfbox:level_2_ev_charger:*:*:*:*:*:*:*:* and cpe:2.3:o:wolfbox:level_2_ev_charger_firmware:*:*:*:*:*:*:*:*. WOLFBOX is a Chinese EV charging equipment manufacturer utilizing Tuya IoT platform for device connectivity and remote management. Affected installations include Level 2 chargers deployed in North America and international markets. The vulnerability affects firmware versions prior to a patched release (specific patch version not available in provided data; vendor advisory URL not included). Related Tuya SDK versions with inadequate parameter validation in device activation parsing are implicated across this and potentially other Tuya-integrated IoT devices.

Remediation

Immediate remediation steps: (1) Contact WOLFBOX support to obtain patched firmware version addressing tuya_svc_devos_activate_result_parse bounds validation; (2) If available, upgrade WOLFBOX Level 2 EV Charger firmware to version post-CVE-2025-5750 patch (specific version number requires vendor advisory access); (3) Implement network segmentation to restrict EV charger communication to trusted Tuya backend servers and local management networks—limit adjacent network access using VLAN isolation and firewall rules; (4) Disable remote device activation features if not required; (5) Monitor Tuya device communication logs for abnormal activation requests with malformed parameters; (6) Review WOLFBOX security advisory at [vendor advisory URL - not provided in references]; (7) For enterprises, implement Zero Trust access controls and monitor EV charger device behavior for anomalous code execution or memory corruption indicators. Temporary workaround: physically isolate chargers from untrusted networks pending patch availability. No public exploits are confirmed, reducing immediate exploitation risk during patch deployment window.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2025-5750 vulnerability details – vuln.today

Back

CVE-2025-5750

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-5750

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code