AI description
CVE-2025-5750 is a heap-based buffer overflow vulnerability affecting WOLFBOX Level 2 EV Chargers. It exists in the `tuya_svc_devos_activate_result_parse` function. The vulnerability allows network-adjacent attackers to execute arbitrary code on affected WOLFBOX Level 2 EV Charger installations. Exploitation doesn't require authentication. The flaw stems from the lack of proper validation of the length of user-supplied data related to the `secKey`, `localKey`, `stdTimeZone`, and `devId` parameters before copying it to a fixed-length heap-based buffer.
- Description: WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com: CWE-122
- Hype score: Not currently trending
CVE-2025-5750 Unauthenticated Remote Code Execution in WOLFBOX Level 2 EV Charger https://t.co/CtsJIMxWBS
@VulmonFeeds
7 Jun 2025
CVE-2025-5750 WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjace… https://t.co/q9drKq6E7a
@CVEnew
6 Jun 2025
🚨CVE-2025-5750 👉 https://t.co/6j6vZ7AXV2 A heap-based buffer overflow in WOLFBOX Level 2 EV Charger’s parameter handling allows remote code execution without authentication. Patch now to stop attackers from hijacking your charger! 🔒⚡ #CVE #IoTSecurity #CyberSecu
@BaseFortify
6 Jun 2025
[CVE-2025-5750: HIGH] Critical vulnerability found in WOLFBOX Level 2 EV Charger allows remote attackers to execute code without authentication. Ensure device security to prevent exploitation. 🛡️ #cybersecurity#cve,CVE-2025-5750,#cybersecurity https://t.co/0LzHg2Ik0E https:/
@CveFindCom
6 Jun 2025
[ZDI-25-329|CVE-2025-5750] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Rafal Goryl of PixiePoint Security) https://t.co/DXMnVKe0G0
@TheZDIBugs
6 Jun 2025