CVE-2025-14346 CRITICAL

CVE-2025-14346

Vendor Whill
Product Model C2 Electric Wheelchair
Weakness CWE-306 · Missing auth
Published January 5, 2026
Last update January 5, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Key dates

02Disclosure timeline

January 5, 2026 CVE published
January 5, 2026 Record updated