Handler on Duty: Didier Stevens
Threat Level: green
| Published | 2026-05-24 20:16:44 |
|---|---|
| Last Modified | 2026-05-24 20:16:44 |
| AKA | CVE-2026-9395 |
| Summary | A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions, that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026." |
| CVSS Score | 2.7 |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |