CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

Posted on By CWS

A vital safety advisory warned of extreme vulnerabilities in WHILL electrical wheelchairs that might enable attackers to hijack the units through Bluetooth remotely.

The alert impacts two standard fashions used worldwide: the WHILL Mannequin C2 Electrical Wheelchair and Mannequin F Energy Chair, each manufactured by Japan-based WHILL Inc.

Safety researchers from QED Safe Options found a harmful flaw, tracked as CVE-2025-14346, with a most CVSS rating of 9.8 out of 10, classifying it as vital severity.

The vulnerability stems from lacking authentication for vital capabilities, enabling any attacker inside Bluetooth vary to grab full management over the wheelchair with out requiring authorization or bodily entry to the system.

CVE IDAffected ProductsCVSS ScoreVulnerability TypeImpactCVE-2025-14346WHILL Mannequin C2 Electrical Wheelchair, WHILL Mannequin F Energy Chair9.8 (Crucial)Lacking Authentication for Crucial FunctionRemote management takeover through Bluetooth

The vulnerability poses important dangers to customers in healthcare amenities and public areas.

As profitable exploitation might enable malicious actors to control wheelchair actions, doubtlessly inflicting bodily hurt to customers or bystanders.

The affected merchandise are deployed worldwide throughout the Healthcare and Public Well being vital infrastructure sector.

CISA urges organizations and customers to implement rapid defensive measures to mitigate exploitation dangers.

Key suggestions embody minimizing community publicity by guaranteeing units should not accessible from the web, isolating management methods behind firewalls, and utilizing safe Digital Non-public Networks (VPNs) when distant entry is important.

Customers ought to contact WHILL Inc. immediately for particular mitigation steering and potential firmware updates.

Organizations should carry out thorough affect evaluation and danger assessments earlier than deploying protecting measures.

CISA emphasised that no recognized public exploitation has been reported but, however the vital severity warrants rapid consideration.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Critical Vulnerability in Carmaker Portal Let Hackers Unlock the Car Remotely Cyber Security News
Hackers Leveraging WhatsApp That Silently Harvest Logs and Contact Details Cyber Security News
Microsoft Intune MDM and Entra ID Leveraged to Elevate your Trust in Device Identity Cyber Security News
Fix for Critical Vulnerabilities in SAP Solution Manager, NetWeaver, and Other Products Cyber Security News
3 Steps to Beat Burnout in Your SOC and Solve Incidents Faster  Cyber Security News
New Attack Technique That Enables Attackers To Exfiltrate Git Credentials In Argocd Cyber Security News