CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

Posted on By CWS

A vital safety advisory warned of extreme vulnerabilities in WHILL electrical wheelchairs that might enable attackers to hijack the units through Bluetooth remotely.

The alert impacts two standard fashions used worldwide: the WHILL Mannequin C2 Electrical Wheelchair and Mannequin F Energy Chair, each manufactured by Japan-based WHILL Inc.

Safety researchers from QED Safe Options found a harmful flaw, tracked as CVE-2025-14346, with a most CVSS rating of 9.8 out of 10, classifying it as vital severity.

The vulnerability stems from lacking authentication for vital capabilities, enabling any attacker inside Bluetooth vary to grab full management over the wheelchair with out requiring authorization or bodily entry to the system.

CVE IDAffected ProductsCVSS ScoreVulnerability TypeImpactCVE-2025-14346WHILL Mannequin C2 Electrical Wheelchair, WHILL Mannequin F Energy Chair9.8 (Crucial)Lacking Authentication for Crucial FunctionRemote management takeover through Bluetooth

The vulnerability poses important dangers to customers in healthcare amenities and public areas.

As profitable exploitation might enable malicious actors to control wheelchair actions, doubtlessly inflicting bodily hurt to customers or bystanders.

The affected merchandise are deployed worldwide throughout the Healthcare and Public Well being vital infrastructure sector.

CISA urges organizations and customers to implement rapid defensive measures to mitigate exploitation dangers.

Key suggestions embody minimizing community publicity by guaranteeing units should not accessible from the web, isolating management methods behind firewalls, and utilizing safe Digital Non-public Networks (VPNs) when distant entry is important.

Customers ought to contact WHILL Inc. immediately for particular mitigation steering and potential firmware updates.

Organizations should carry out thorough affect evaluation and danger assessments earlier than deploying protecting measures.

CISA emphasised that no recognized public exploitation has been reported but, however the vital severity warrants rapid consideration.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

iPhone Exploit Toolkit Linked to U.S. Contractor Used by Russian Spies iPhone Exploit Toolkit Linked to U.S. Contractor Used by Russian Spies Cyber Security News
Stealthy Malware Campaign Utilizes VBS and Remote Trojans Stealthy Malware Campaign Utilizes VBS and Remote Trojans Cyber Security News
New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users Cyber Security News
Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor Cyber Security News
New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands Cyber Security News
Threat Actors Weaponizing YouTube Video Download Site to Download Proxyware Malware Threat Actors Weaponizing YouTube Video Download Site to Download Proxyware Malware Cyber Security News