
CVE-2025-5750: CWE-122: Heap-based Buffer Overflow in WOLFBOX Level 2 EV Charger

High
Published: Fri Jun 06 2025 (06/06/2025, 15:29:55 UTC)
Source: CVE Database V5
Vendor/Project: WOLFBOX
Product: Level 2 EV Charger

Description

WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.

AI-Powered Analysis

Last updated: 07/08/2025, 03:57:21 UTC

Technical Analysis

CVE-2025-5750 is a high-severity heap-based buffer overflow vulnerability identified in the WOLFBOX Level 2 EV Charger, specifically within the function tuya_svc_devos_activate_result_parse. This vulnerability arises due to improper validation of the length of user-supplied input parameters—namely secKey, localKey, stdTimeZone, and devId—before copying them into fixed-length heap buffers. Because these inputs are not properly bounded, an attacker can overflow the heap buffer, leading to memory corruption. This flaw enables remote code execution (RCE) by a network-adjacent attacker without requiring any authentication or user interaction. The attacker can execute arbitrary code in the context of the device, potentially gaining full control over the EV charger’s firmware and operations. The affected versions include firmware 3.1.17 (main) and 1.2.6 (MCU). The vulnerability is tracked as CWE-122 (Heap-based Buffer Overflow) and has a CVSS v3.0 score of 8.8, indicating a high impact on confidentiality, integrity, and availability. No public exploits are known at this time, but the ease of exploitation combined with the lack of authentication requirement makes this a critical risk for affected deployments. The vulnerability was assigned and published by ZDI (Zero Day Initiative) under the identifier ZDI-CAN-26294. Given the nature of the device—a Level 2 EV charger—compromise could allow attackers to disrupt charging services, manipulate billing or usage data, or pivot into connected networks.
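The copy-without-length-check pattern the analysis describes, as an added illustration in C that is not the WOLFBOX or Tuya code: the field names follow the advisory, while the buffer size, the JSON-like matcher and all function names are hypothetical. The unchecked strcpy form is shown beside the bounds-checked form a fix would use.

```c
#include <stdlib.h>
#include <string.h>

#define FIELD_CAP 32  /* hypothetical fixed size of each heap field */

/* Vulnerable pattern (CWE-122): nothing compares the value length with the
 * buffer size, so an over-long field writes past the end of the heap block.
 * Kept only for contrast; nothing below calls it. */
void set_field_unchecked(char *dst, const char *value) {
    strcpy(dst, value);
}

/* Hardened pattern: refuse any value that does not fit, NUL included. */
int set_field_checked(char *dst, size_t cap, const char *value, size_t len) {
    if (len >= cap)
        return -1;
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

/* Find the value following `pat` (e.g. "\"devId\":\"") in a flat JSON-like
 * string: sets *val and returns its length, or -1 if the key or the closing
 * quote is absent. A tiny matcher for this example, not a JSON parser. */
long find_field(const char *json, const char *pat, const char **val) {
    const char *p = strstr(json, pat), *end;
    if (!p || !(end = strchr(p += strlen(pat), '"')))
        return -1;
    *val = p;
    return (long)(end - p);
}

/* Copy the four parameters named in the advisory into FIELD_CAP heap buffers
 * with bounds checks. Returns 0, or -1 if any field is missing or too long. */
int parse_activate_result(const char *json) {
    static const char *keys[4] = {"\"secKey\":\"", "\"localKey\":\"",
                                  "\"stdTimeZone\":\"", "\"devId\":\""};
    char *bufs[4];
    int rc = 0;
    for (int i = 0; i < 4; i++) {
        const char *v;
        long n = find_field(json, keys[i], &v);
        bufs[i] = malloc(FIELD_CAP);
        if (!bufs[i] || n < 0 || set_field_checked(bufs[i], FIELD_CAP, v, (size_t)n))
            rc = -1;   /* reject the whole message rather than truncate */
    }
    for (int i = 0; i < 4; i++)
        free(bufs[i]);
    return rc;
}
```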

Potential Impact

For European organizations, this vulnerability poses significant risks especially for entities operating EV charging infrastructure such as public charging stations, commercial parking facilities, and fleet management companies. Exploitation could lead to unauthorized control over charging sessions, causing denial of service to EV users and potential safety hazards if the device is manipulated maliciously. Confidentiality breaches could expose sensitive operational data or user credentials. Integrity violations may result in falsified usage or billing records, impacting financial transactions and trust. Availability impacts could disrupt critical EV charging infrastructure, undermining the growing reliance on electric vehicles in Europe’s green energy transition. Additionally, compromised chargers could serve as footholds for lateral movement into enterprise or utility networks, increasing the risk of broader cyberattacks. The lack of authentication and network adjacency requirement means attackers could exploit this vulnerability remotely from within the same network segment or via exposed network interfaces, increasing the attack surface.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:
1) Immediately identify and inventory all WOLFBOX Level 2 EV Chargers running affected firmware versions (3.1.17 main and 1.2.6 MCU).
2) Engage with WOLFBOX or authorized vendors to obtain and apply firmware updates or patches once available, as no official patches are currently listed.
3) Implement network segmentation to isolate EV chargers from critical IT and OT networks, restricting access to trusted management systems only.
4) Employ network-level controls such as firewalls and intrusion detection/prevention systems to monitor and block suspicious traffic targeting the vulnerable parameters.
5) Disable or restrict remote management interfaces where possible to reduce exposure.
6) Conduct regular security assessments and penetration testing focused on EV charging infrastructure.
7) Monitor device logs and network traffic for anomalous activity indicative of exploitation attempts.
8) Develop incident response plans specific to EV infrastructure compromise scenarios.
These steps go beyond generic advice by focusing on device-specific inventory, network architecture adjustments, and proactive monitoring tailored to the unique operational context of EV chargers.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-05T20:45:35.342Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68430d3871f4d251b5cfea84

Added to database: 6/6/2025, 3:46:00 PM

Last enriched: 7/8/2025, 3:57:21 AM

Last updated: 8/10/2025, 10:11:05 AM

