CVE-2025-10371
📋 TL;DR
This vulnerability allows remote attackers to perform unrestricted file uploads via the /api.php endpoint in eCharge Hardy Barth Salia PLCC systems. Attackers can exploit the setrfidlist parameter to write arbitrary files to the system. All systems running versions up to 2.3.81 are affected.
💻 Affected Systems
- eCharge Hardy Barth Salia PLCC
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution, data theft, or ransomware deployment via uploaded malicious files.
Likely Case
Unauthorized file upload leading to web shell installation, data manipulation, or denial of service.
If Mitigated
Limited impact if file uploads are restricted to non-executable directories with proper permissions.
🎯 Exploit Status
Public proof-of-concept available on GitHub demonstrates file write capability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available - vendor did not respond to disclosure
Restart Required: No
Instructions:
No official patch available. Consider upgrading to any version above 2.3.81 if released by vendor.
🔧 Temporary Workarounds
Block /api.php Access
Linux: Restrict access to the vulnerable endpoint using firewall rules or web server configuration.
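# Drop cleartext HTTP packets that contain "/api.php". -A appends, so an earlier ACCEPT rule still wins; use -I to insert at the top.
iptables -A INPUT -p tcp --dport 80 -m string --string "/api.php" --algo bm -j DROP
# Where port 443 carries TLS the URI is encrypted and this string match cannot see it; block the path at the web server or a TLS-terminating proxy instead.
iptables -A INPUT -p tcp --dport 443 -m string --string "/api.php" --algo bm -j DROP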
Disable setrfidlist Parameter
All platforms: Modify application configuration to reject or sanitize setrfidlist parameter inputs.
🧯 If You Can't Patch
- Isolate affected systems from internet access using network segmentation.
- Implement strict file upload validation and monitoring for unauthorized file writes.
🔍 How to Verify
Check if Vulnerable:
Check if /api.php endpoint accepts setrfidlist parameter and allows file uploads without proper validation.
Check Version:
Check system documentation or web interface for version information (typically displays in admin panel).
Verify Fix Applied:
Test that /api.php endpoint no longer accepts unrestricted file uploads via setrfidlist parameter.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /api.php with setrfidlist parameter
- File creation events in unexpected directories
- Web shell or malicious file upload attempts
Network Indicators:
- HTTP requests to /api.php with file upload patterns
- Unusual outbound connections from affected systems
SIEM Query:
source="web_logs" AND uri="/api.php" AND (method="POST" OR params CONTAINS "setrfidlist")
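
The SIEM query above, applied to raw access-log lines, as an added example that is not part of the original page or any vendor tooling. It assumes the logs are in common/combined log format; the sample lines, IP addresses and the `status` parameter are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumed format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def flag_requests(lines):
    """Return (ip, time, method, reason) for requests matching the query above."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # Split by hand: urlsplit() would read a leading "//" as a host name.
        raw_path, _, query = m["target"].partition("?")
        # Normalise percent-encoding and repeated slashes before comparing.
        path = re.sub(r"/+", "/", unquote(raw_path))
        if path != "/api.php":
            continue
        # parse_qs percent-decodes parameter names, so encoded spellings match too.
        keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        reasons = []
        # POST bodies are not written to access logs, so every POST is flagged.
        if m["method"] == "POST":
            reasons.append("POST")
        if "setrfidlist" in keys:
            reasons.append("setrfidlist")
        if reasons:
            hits.append((m["ip"], m["time"], m["method"], "+".join(reasons)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /api.php?status=1 HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "POST /api.php HTTP/1.1" 200 17',
    '198.51.100.7 - - [01/Jan/2025:10:01:09 +0000] "GET /api.php?setrfidlist=x HTTP/1.1" 200 17',
    '203.0.113.5 - - [01/Jan/2025:10:02:00 +0000] "POST //api.php?set%72fidlist=x HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Because the parameter may travel in the POST body, a hit on `POST` alone needs correlation with the file creation events listed under Log Indicators.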