EVLink WallBox
Monitor · 7.2 · SEVD-2025-161-03 · Jun 10, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in EVLink WallBox charging stations allow an authenticated attacker to read arbitrary files, inject cross-site scripts, and execute remote commands. The vulnerabilities (CWE-22 path traversal, CWE-79 XSS, CWE-78 command injection) affect all versions of the product. Exploitation requires valid web server credentials but could result in full control of the charging station, information disclosure, and service disruption.
What this means
What could happen
An authenticated attacker with access to the EVLink WallBox web interface could read arbitrary files, inject malicious scripts, or execute commands with full control of the charging station, potentially disrupting EV charging operations and accessing sensitive configuration data.
Who's at risk
Residential and small commercial property owners who operate EVLink WallBox charging stations on home or private networks. This primarily affects individual homeowners and small businesses with EV charging infrastructure. Energy utilities may see this as a concern if they manage or monitor these devices on customer premises.
How it could be exploited
An attacker with valid credentials (default or compromised admin password) on the same network as the EVLink WallBox can access the web interface and exploit the vulnerabilities to read files from the device, inject JavaScript to manipulate the interface, or run arbitrary commands on the device itself. The device must be network-accessible and not properly segmented or firewalled.
Prerequisites
- Valid admin credentials to access the EVLink WallBox web server
- Network access to the device's IP address and web management port
- Device on same local network or accessible via unsecured network path
- Default admin password unchanged (common in installations)
- Requires authentication, but default credentials are common
- No patch available; all versions affected
- Allows arbitrary file read and command execution
- Affects critical charging infrastructure
- Low exploit complexity once authenticated
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
EVLink WallBox | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Change the default admin password immediately and use a strong password of at least 20 characters containing uppercase, lowercase, numbers, and special characters
HARDENING: Isolate the EVLink WallBox on its own network segment using a VLAN or guest network if available
HARDENING: Do not expose the device to the public internet; verify the device has no public IP address and disable port forwarding
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
HARDENING: Ensure Wi-Fi encryption is set to WPA3 or WPA2/3 with protected management frames
HARDENING: Restrict network access to the device's web management interface using firewall rules that allow trusted IPs only
Mitigations - no patch available
EVLink WallBox (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Schedule regular reboots of the routing device, smartphones, and computers connected to the network
API: /api/v1/advisories/ae80571f-fd75-47a6-9659-b4eb1a5aa318