2 vulnerabilities found for Model F Power Chair by WHILL

CVE-2025-14346 (GCVE-0-2025-14346)

Vulnerability from nvd – Published: 2026-01-05 15:39 – Updated: 2026-01-05 21:20
Summary
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
  • icscert
References
  • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01
Credits
  • Billy Rios of the Exploit Development Team - QED Secure Solutions
  • Jesse Young of the Exploit Development Team - QED Secure Solutions
  • Brandon Rothel of the Exploit Development Team - QED Secure Solutions
  • Jonathan Butts of the Exploit Development Team - QED Secure Solutions
  • Henri Hein of the Exploit Development Team - QED Secure Solutions
  • Justin Boling of the Exploit Development Team - QED Secure Solutions
  • Nick Kulesza of the Exploit Development Team - QED Secure Solutions
  • Ken Natividad of the Exploit Development Team - QED Secure Solutions
  • Carl Schuett of the Exploit Development Team - QED Secure Solutions

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-05T21:20:21.128157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-05T21:20:30.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Model C2 Electric Wheelchair",
          "vendor": "WHILL",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Model F Power Chair",
          "vendor": "WHILL",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Billy Rios of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jesse Young of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Brandon Rothel of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonathan Butts of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Henri Hein of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Justin Boling of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Nick Kulesza of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ken Natividad of the Exploit Development Team - QED Secure Solutions"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Schuett of the Exploit Development Team - QED Secure Solutions"
        }
      ],
      "datePublic": "2025-12-29T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.\u003c/span\u003e"
            }
          ],
          "value": "WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T15:39:19.710Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-25-364-01",
        "discovery": "UNKNOWN"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "WHILL has deployed the following fixes on December 29th, 2025: \u003cbr\u003e\u003cbr\u003eDevice-Side Speed Profile Protection:\u003cbr\u003e* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. \u003cbr\u003e\u003cbr\u003eUnlock Command Restriction During Motion:\u003cbr\u003e* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. \u003cbr\u003e\u003cbr\u003eApplication JSON File Obfuscation:\u003cbr\u003e* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms.\u003cbr\u003e"
            }
          ],
          "value": "WHILL has deployed the following fixes on December 29th, 2025: \n\nDevice-Side Speed Profile Protection:\n* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. \n\nUnlock Command Restriction During Motion:\n* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. \n\nApplication JSON File Obfuscation:\n* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-14346",
    "datePublished": "2026-01-05T15:39:19.710Z",
    "dateReserved": "2025-12-09T14:54:28.374Z",
    "dateUpdated": "2026-01-05T21:20:30.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14346 (GCVE-0-2025-14346)

Vulnerability from cvelistv5 – Published: 2026-01-05 15:39 – Updated: 2026-01-05 21:20
Summary
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
  • icscert
References
  • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01
Credits
  • Billy Rios of the Exploit Development Team - QED Secure Solutions
  • Jesse Young of the Exploit Development Team - QED Secure Solutions
  • Brandon Rothel of the Exploit Development Team - QED Secure Solutions
  • Jonathan Butts of the Exploit Development Team - QED Secure Solutions
  • Henri Hein of the Exploit Development Team - QED Secure Solutions
  • Justin Boling of the Exploit Development Team - QED Secure Solutions
  • Nick Kulesza of the Exploit Development Team - QED Secure Solutions
  • Ken Natividad of the Exploit Development Team - QED Secure Solutions
  • Carl Schuett of the Exploit Development Team - QED Secure Solutions