CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

Posted on By CWS

A vital safety advisory warned of extreme vulnerabilities in WHILL electrical wheelchairs that might enable attackers to hijack the units through Bluetooth remotely.

The alert impacts two standard fashions used worldwide: the WHILL Mannequin C2 Electrical Wheelchair and Mannequin F Energy Chair, each manufactured by Japan-based WHILL Inc.

Safety researchers from QED Safe Options found a harmful flaw, tracked as CVE-2025-14346, with a most CVSS rating of 9.8 out of 10, classifying it as vital severity.

The vulnerability stems from lacking authentication for vital capabilities, enabling any attacker inside Bluetooth vary to grab full management over the wheelchair with out requiring authorization or bodily entry to the system.

CVE IDAffected ProductsCVSS ScoreVulnerability TypeImpactCVE-2025-14346WHILL Mannequin C2 Electrical Wheelchair, WHILL Mannequin F Energy Chair9.8 (Crucial)Lacking Authentication for Crucial FunctionRemote management takeover through Bluetooth

The vulnerability poses important dangers to customers in healthcare amenities and public areas.

As profitable exploitation might enable malicious actors to control wheelchair actions, doubtlessly inflicting bodily hurt to customers or bystanders.

The affected merchandise are deployed worldwide throughout the Healthcare and Public Well being vital infrastructure sector.

CISA urges organizations and customers to implement rapid defensive measures to mitigate exploitation dangers.

Key suggestions embody minimizing community publicity by guaranteeing units should not accessible from the web, isolating management methods behind firewalls, and utilizing safe Digital Non-public Networks (VPNs) when distant entry is important.

Customers ought to contact WHILL Inc. immediately for particular mitigation steering and potential firmware updates.

Organizations should carry out thorough affect evaluation and danger assessments earlier than deploying protecting measures.

CISA emphasised that no recognized public exploitation has been reported but, however the vital severity warrants rapid consideration.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Jenkins Gatling Plugin Vulnerability Let Attackers Bypass Content-Security-Policy Protection Jenkins Gatling Plugin Vulnerability Let Attackers Bypass Content-Security-Policy Protection Cyber Security News
Windows 11 Notepad to Get AI Support for Free to Generate and Summarize Text Windows 11 Notepad to Get AI Support for Free to Generate and Summarize Text Cyber Security News
Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation Cyber Security News
Hackers Actively Exploiting AI Deployments Hackers Actively Exploiting AI Deployments Cyber Security News
Smart Bus Systems Vulnerability Let Hackers Remotely Track and Control Vehicles Smart Bus Systems Vulnerability Let Hackers Remotely Track and Control Vehicles Cyber Security News
Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily Cyber Security News