CVE-2025-14346

CRITICAL

WHILL Model C2/F - RCE

Title source: llm

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01

Scores

CVSS v3 9.8

EPSS 0.0009

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status draft

Timeline

Published Jan 05, 2026

Tracked Since Feb 18, 2026