CVE-2025-5873
📋 TL;DR
This vulnerability allows remote attackers to upload arbitrary files to eCharge Hardy Barth Salia PLCC devices via the /firmware.php endpoint in the Web UI. Attackers can exploit this to upload malicious files, potentially leading to system compromise. All users of affected versions are vulnerable.
💻 Affected Systems
- eCharge Hardy Barth Salia PLCC
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover through remote code execution, data theft, or device bricking via malicious firmware upload.
Likely Case
Unauthorized file upload leading to web shell installation, data manipulation, or denial of service.
If Mitigated
Limited impact if file uploads are restricted to authenticated users and file types are strictly validated.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easily weaponizable by attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor was contacted but did not respond. Consider workarounds or replacement.
🔧 Temporary Workarounds
Block Web UI Access
Linux: Restrict access to the device's Web UI using firewall rules or network segmentation.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Disable Unused Services
Linux: Disable the Web UI service if not required for operation.
systemctl stop [webui_service_name]
systemctl disable [webui_service_name]
🧯 If You Can't Patch
- Isolate affected devices in a separate network segment with strict access controls.
- Implement web application firewall (WAF) rules to block requests to /firmware.php with suspicious parameters.
🔍 How to Verify
Check if Vulnerable:
Check the device version via the Web UI or SSH. If the version is 2.3.81 or earlier, the device is vulnerable.
Check Version:
Check Web UI interface or use device-specific CLI commands (varies by model).
Verify Fix Applied:
No official fix available. Verify workarounds by testing if /firmware.php endpoint is inaccessible or blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /firmware.php
- File upload attempts with non-standard file extensions
- Multiple failed or successful upload attempts from single IP
Network Indicators:
- HTTP traffic to /firmware.php with media parameter manipulation
- Unexpected outbound connections from device after upload
SIEM Query:
source="device_logs" AND url="/firmware.php" AND method="POST" AND (user_agent CONTAINS "curl" OR user_agent CONTAINS "wget")
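The log indicators above can also be checked offline against an exported web access log. The following is an added example, not code from the vendor or from this advisory; it assumes the log uses the Combined Log Format, and the function name, the admin allowlist and the repeat threshold are hypothetical choices.

```python
import re
from collections import defaultdict

# Assumption: Combined Log Format; the device's real log layout may differ.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

# Constructed sample lines (documentation address ranges), not real device logs.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jul/2025:10:02:13 +0000] "POST /firmware.php HTTP/1.1" 200 87 "-" "curl/8.5.0"
198.51.100.7 - - [01/Jul/2025:10:02:40 +0000] "POST /firmware.php?x=1 HTTP/1.1" 200 87 "-" "curl/8.5.0"
192.0.2.10 - - [01/Jul/2025:10:05:00 +0000] "POST /firmware.php HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jul/2025:10:06:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def find_firmware_uploads(log_text, admin_ips=frozenset(), repeat_threshold=2):
    """Return {ip: {"count": n, "reasons": set}} for flagged POSTs to /firmware.php."""
    hits = defaultdict(lambda: {"count": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only, so a query string cannot hide the endpoint.
        if m["target"].split("?", 1)[0] != "/firmware.php":
            continue
        entry = hits[m["ip"]]
        entry["count"] += 1
        if m["ip"] not in admin_ips:
            entry["reasons"].add("source not in admin allowlist")
        if (m["ua"] or "").lower().startswith(("curl", "wget")):
            entry["reasons"].add("scripted client user agent")
        if entry["count"] >= repeat_threshold:
            entry["reasons"].add("repeated uploads from one IP")
    # Report only sources with at least one reason attached.
    return {ip: e for ip, e in hits.items() if e["reasons"]}


if __name__ == "__main__":
    for ip, e in find_firmware_uploads(SAMPLE_LOG, admin_ips={"192.0.2.10"}).items():
        print(ip, e["count"], sorted(e["reasons"]))
```

With an empty allowlist every source that posts to /firmware.php is reported, which is the safer default when no management hosts have been defined.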