CVE-2025-48414

CVE-2025-48414: Hard-coded web interface credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations

Vendor Echarge Hardy Barth
Product cPH2 / cPP2 charging stations
Weakness CWE-798 · Hardcoded credentials
Published May 21, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface.

Key dates

02Disclosure timeline

May 21, 2025 CVE published
November 3, 2025 Record updated