CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

Posted on By CWS

A vital safety advisory warned of extreme vulnerabilities in WHILL electrical wheelchairs that might enable attackers to hijack the units through Bluetooth remotely.

The alert impacts two standard fashions used worldwide: the WHILL Mannequin C2 Electrical Wheelchair and Mannequin F Energy Chair, each manufactured by Japan-based WHILL Inc.

Safety researchers from QED Safe Options found a harmful flaw, tracked as CVE-2025-14346, with a most CVSS rating of 9.8 out of 10, classifying it as vital severity.

The vulnerability stems from lacking authentication for vital capabilities, enabling any attacker inside Bluetooth vary to grab full management over the wheelchair with out requiring authorization or bodily entry to the system.

CVE IDAffected ProductsCVSS ScoreVulnerability TypeImpactCVE-2025-14346WHILL Mannequin C2 Electrical Wheelchair, WHILL Mannequin F Energy Chair9.8 (Crucial)Lacking Authentication for Crucial FunctionRemote management takeover through Bluetooth

The vulnerability poses important dangers to customers in healthcare amenities and public areas.

As profitable exploitation might enable malicious actors to control wheelchair actions, doubtlessly inflicting bodily hurt to customers or bystanders.

The affected merchandise are deployed worldwide throughout the Healthcare and Public Well being vital infrastructure sector.

CISA urges organizations and customers to implement rapid defensive measures to mitigate exploitation dangers.

Key suggestions embody minimizing community publicity by guaranteeing units should not accessible from the web, isolating management methods behind firewalls, and utilizing safe Digital Non-public Networks (VPNs) when distant entry is important.

Customers ought to contact WHILL Inc. immediately for particular mitigation steering and potential firmware updates.

Organizations should carry out thorough affect evaluation and danger assessments earlier than deploying protecting measures.

CISA emphasised that no recognized public exploitation has been reported but, however the vital severity warrants rapid consideration.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials Cyber Security News
Hackers Using Evilginx to Steal Session Cookies and Bypass Multi-Factor Authentication Tokens Cyber Security News
New Hpingbot Abusing Pastebin for Payload Delivery and Hping3 Tool to Launch DDoS Attacks Cyber Security News
CISA Releases Best Security Practices Guide for Hardening Microsoft Exchange Server Cyber Security News
New Phishing Attack Leverages Popular Brands to Harvest Login Credentials Cyber Security News
Agentless Access, Sensitive Data Masking, and Smooth Session Playback Cyber Security News