How to fix EUVD-2025-17326?

Within 24 hours: Inventory all WOLFBOX Level 2 EV Chargers in your environment and document network access points. Within 7 days: Implement network segmentation to restrict MCU communication to authorized management systems only, enforce strong authentication credentials for all charger administrative accounts, and disable remote management features if not operationally critical. Within 30 days: Monitor vendor advisories for patch availability, evaluate alternative charging solutions if risk tolerance is exceeded, and conduct security assessment of dependent systems.

Is Level 2 Ev Charger Firmware affected by EUVD-2025-17326?

WOLFBOX Level 2 EV Charger devices are vulnerable to remote code execution attacks by authenticated network users, potentially allowing attackers to compromise charging infrastructure and disrupt operations.

EUVD-2025-17326

| CVE-2025-5747 HIGH

2025-06-06 [email protected]

8.0

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17326

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 16:15 nvd

HIGH 8.0

Description

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.

Analysis

Remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices caused by improper frame parsing in the Microcontroller Unit (MCU) firmware. Network-adjacent attackers with valid authentication credentials can exploit a frame start detection flaw to misinterpret command input and execute arbitrary code with full device privileges. While no public exploit code or active KEV listing is confirmed from the provided data, the CVSS 8.0 score and requirement for authentication (not public network access) suggest moderate real-world exploitability; however, this should be verified against EPSS scores and vendor advisories for actual threat intelligence integration.

Technical Context

The vulnerability exists in the MCU command frame parsing logic of WOLFBOX Level 2 EV Charger devices, which appears to be IoT/embedded automotive charging infrastructure. The root cause is classified as CWE-115 (Misinterpretation of Input), specifically a frame synchronization flaw where the parser fails to properly identify frame delimiters or start-of-frame markers. This allows an attacker to craft malformed or misaligned frame sequences that cause the parser to misinterpret command boundaries, potentially injecting arbitrary opcodes into execution context. The vulnerability was previously tracked as ZDI-CAN-26501 (Trend Micro Zero Day Initiative identifier), indicating professional security research disclosure. The attack requires network adjacency (AV:A) and valid authentication credentials (PR:L), suggesting the device operates on a local network segment with credential-protected access (typical for EV charging networks with management/installer roles).

Affected Products

WOLFBOX Level 2 EV Charger MCU firmware (specific version ranges not provided in description). Typical CPE syntax would be: cpe:2.3:h:wolfbox:level_2_ev_charger:*:*:*:*:*:*:*:* (hardware) and cpe:2.3:o:wolfbox:level_2_ev_charger_firmware:*:*:*:*:*:*:*:* (firmware). Affected installations include any WOLFBOX Level 2 charger with unpatched MCU firmware prior to the fixed version (not specified in provided data). Installer/management network access points and any systems with authenticated access to the charger's command interface are in scope. Vendor advisory and patch availability information should be obtained from WOLFBOX security bulletins or the Trend Micro ZDI disclosure timeline (ZDI-CAN-26501).

Remediation

1. PATCH: Obtain and deploy WOLFBOX Level 2 firmware update addressing CVE-2025-5747 from vendor security advisories (check WOLFBOX website, ZDI responsible disclosure timeline, or ICS-CERT alerts). 2. VERIFY: After patching, confirm MCU firmware version change via device management interface or serial console. 3. ACCESS CONTROL: Restrict network access to WOLFBOX charger management/command interfaces to authenticated administrator/installer accounts only; segregate charger control networks from public network segments. 4. MONITORING: Implement network IDS/IPS rules to detect malformed frame sequences targeting EV charger command ports (port numbers device-specific; consult vendor documentation). 5. CREDENTIAL HYGIENE: Audit and rotate installer/management credentials if any compromise is suspected (this vulnerability requires authentication, making credential leakage a risk multiplier). 6. INTERIM MITIGATION: If patching cannot be deployed immediately, disable remote management features or implement strict network segmentation until patches are available.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +40

POC: 0

EUVD-2025-17326 vulnerability details – vuln.today

Back

EUVD-2025-17326

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-17326

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code