All CISA Advisories, EN

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs

2025-12-30 19:12

Summary

Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product.

The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected:

Model C2 Electric WheelChair (CVE-2025-14346)
Model F Power Chair (CVE-2025-14346)

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.8	WHILL Inc.	WHILL Model C2 Electric Wheelchairs and Model F Power Chairs	Missing Authentication for Critical Function

Background

Critical Infrastructure Sectors: Healthcare and Public Health
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Japan

Vulnerabilities

CVE-2025-14346

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

View CVE Details

Affected Products

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs

Vendor:
WHILL Inc.

Product Version:
WHILL Inc. Model C2 Electric WheelChair: vers:all/*, WHILL Inc. Model F Power Chair: vers:all/*

Product Status:
known_affected

Remediations

Mitigation
WHILL has deployed the following fixes on December 29th, 2025:

Mit

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← NDSS 2025 – Distributed Function Secret Sharing And Applications

Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

An early end to the holidays: ‘Heartbleed of MongoDB’ is now under active exploit December 30, 2025

Bluetooth Headphones Can Be Weaponized to Hack Phones December 30, 2025

Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims December 30, 2025

Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows December 30, 2025

Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations December 30, 2025

ESET Warns AI-driven Malware Attack and Rapidly Growing Ransomware Economy December 30, 2025

Copilot Studio Feature Enables Silent AI Backdoors December 30, 2025

CISA Releases Two Industrial Control Systems Advisories December 30, 2025

Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library December 30, 2025

European Space Agency Confirms Breach of Servers Outside the Corporate Network December 30, 2025

New Spear-Phishing Attack Targeting Security Individuals in Israel Region December 30, 2025

New Spear-Phishing Attack Targeting Security Individuals in the Israel Region December 30, 2025

Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication December 30, 2025

ESET Flags Rising Threat of AI-Driven Malware and Ransomware December 30, 2025

Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion December 30, 2025

Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions December 30, 2025

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs December 30, 2025

NDSS 2025 – Distributed Function Secret Sharing And Applications December 30, 2025

Korean Air Confirms Employee Data Leak Linked to Third-Party Breach December 30, 2025

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution December 30, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}