CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product

Posted on By CWS

A vital safety advisory warned of extreme vulnerabilities in WHILL electrical wheelchairs that might enable attackers to hijack the units through Bluetooth remotely.

The alert impacts two standard fashions used worldwide: the WHILL Mannequin C2 Electrical Wheelchair and Mannequin F Energy Chair, each manufactured by Japan-based WHILL Inc.

Safety researchers from QED Safe Options found a harmful flaw, tracked as CVE-2025-14346, with a most CVSS rating of 9.8 out of 10, classifying it as vital severity.

The vulnerability stems from lacking authentication for vital capabilities, enabling any attacker inside Bluetooth vary to grab full management over the wheelchair with out requiring authorization or bodily entry to the system.

CVE IDAffected ProductsCVSS ScoreVulnerability TypeImpactCVE-2025-14346WHILL Mannequin C2 Electrical Wheelchair, WHILL Mannequin F Energy Chair9.8 (Crucial)Lacking Authentication for Crucial FunctionRemote management takeover through Bluetooth

The vulnerability poses important dangers to customers in healthcare amenities and public areas.

As profitable exploitation might enable malicious actors to control wheelchair actions, doubtlessly inflicting bodily hurt to customers or bystanders.

The affected merchandise are deployed worldwide throughout the Healthcare and Public Well being vital infrastructure sector.

CISA urges organizations and customers to implement rapid defensive measures to mitigate exploitation dangers.

Key suggestions embody minimizing community publicity by guaranteeing units should not accessible from the web, isolating management methods behind firewalls, and utilizing safe Digital Non-public Networks (VPNs) when distant entry is important.

Customers ought to contact WHILL Inc. immediately for particular mitigation steering and potential firmware updates.

Organizations should carry out thorough affect evaluation and danger assessments earlier than deploying protecting measures.

CISA emphasised that no recognized public exploitation has been reported but, however the vital severity warrants rapid consideration.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques Cyber Security News
Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts Cyber Security News
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks Cyber Security News
3 SOC Metrics Improved With Sandbox Analysis  3 SOC Metrics Improved With Sandbox Analysis  Cyber Security News
Lumma Affiliates Using Advanced Evasion Tools Designed to Ensure Stealth and Continuity Lumma Affiliates Using Advanced Evasion Tools Designed to Ensure Stealth and Continuity Cyber Security News
LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One Cyber Security News