CVE-2025-14346

Published Jan 5, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-14346 affects WHILL Model C2 Electric Wheelchairs and Model F Power Chairs. These devices lack proper authentication for Bluetooth connections. An attacker within Bluetooth range (approximately 30 feet) can pair with the wheelchair and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction. This vulnerability stems from the absence of authentication for critical functions in the wheelchair's control system. Successful exploitation could allow malicious actors to manipulate wheelchair movements, potentially causing physical harm to users or bystanders. CISA has issued an urgent warning about this flaw.

Description: WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Source: ics-cert@hq.dhs.gov

NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-306 (source: ics-cert@hq.dhs.gov)

Social media

Hype score: Not currently trending

  1. 🚨 Unauthenticated Bluetooth Bug Lets Hackers Remotely Control WHILL Electric Wheelchairs (CVE-2025-14346) Security researchers found WHILL Model C2 and Model F wheelchairs don’t enforce Bluetooth authentication, allowing an attacker in range to pair without user interaction

    @ThreatSynop

    8 Jan 2026


  2. 🔴 CVE-2025-14346 - Critical WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement ... https://t.co/dqNs39kv7o https://t.co/wWiTe4MGoU

    @TheHackerWire

    5 Jan 2026


  3. [CVE-2025-14346: CRITICAL] Security vulnerability found in WHILL Model C2 Electric Wheelchairs and Model F Power Chairs: Lack of authentication in Bluetooth connections allows attackers to manipulate device ...#cve,CVE-2025-14346,#cybersecurity https://t.co/Ut4lf0fwsh https://t.c

    @CveFindCom

    5 Jan 2026


  4. CVE-2025-14346 WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the devic… https://t.co/tLR0o0DvwD

    @CVEnew

    5 Jan 2026


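  5. [Wheelchair vulnerability] A critical vulnerability in the WHILL Model C2 electric wheelchair. CVE-2025-14346 has a CVSS score of 9.8 and is a takeover vulnerability via Bluetooth. Missing authentication for a critical function. The US government's CISA says to contact WHILL officially for details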

    @__kokumoto

    3 Jan 2026

