CVE-2025-5749
📋 TL;DR
This vulnerability allows attackers within Bluetooth range to bypass authentication on WOLFBOX Level 2 EV Chargers by exploiting uninitialized encryption key variables. The flaw enables unauthorized access to charger control functions without valid credentials. Only WOLFBOX Level 2 EV Charger devices with vulnerable firmware are affected.
💻 Affected Systems
- WOLFBOX Level 2 EV Charger
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could remotely control charging functions, modify charging parameters, disable safety features, or potentially cause electrical hazards by manipulating the charger's operation.
Likely Case
Unauthorized users could start/stop charging sessions, view charging data, or modify charging schedules without authentication, potentially causing billing issues or service disruption.
If Mitigated
With proper network segmentation and physical security, impact is limited to local Bluetooth range with no remote exploitation possible.
🎯 Exploit Status
Exploitation requires Bluetooth access and understanding of vendor-specific BLE protocol. No authentication needed as stated in CVE description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: Not provided in references
Restart Required: Yes
Instructions:
1. Contact WOLFBOX vendor for firmware updates 2. Download updated firmware 3. Apply firmware update via manufacturer's recommended method 4. Restart charger to apply changes
🔧 Temporary Workarounds
Disable Bluetooth when not in use
allTurn off Bluetooth functionality on the charger when not actively pairing with authorized devices
Vendor-specific command not available
Physical access restriction
allRestrict physical access to charger installation area to prevent attackers from getting within Bluetooth range
🧯 If You Can't Patch
- Deploy chargers in physically secure locations with limited public access
- Implement network segmentation to isolate chargers from critical infrastructure
🔍 How to Verify
Check if Vulnerable:
Check firmware version against vendor's vulnerability list. Test Bluetooth authentication bypass using ZDI-CAN-26295 methodology.Check Version:
Vendor-specific command not documented. Check device display or mobile app for firmware version.Verify Fix Applied:
Verify firmware version matches patched version from vendor. Test authentication requirements via Bluetooth connection attempts.📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts via Bluetooth
- Successful authentication from unknown MAC addresses
- Configuration changes without authorized user activity
Network Indicators:
- Unusual Bluetooth connection patterns
- BLE traffic from unexpected locations
- Protocol anomalies in vendor-specific BLE communications
SIEM Query:
Not applicable - primarily local Bluetooth attack vector