CVE-2026-9397: Besen BS20 EV Charging Station: Unauthorized Update Access
Summary
A security weakness has been found in the Besen BS20 EV Charging Station's ability to install software updates remotely. This means an attacker could potentially access the charging station's update system without permission. Besen is aware of the issue and is reviewing it, so it's likely they will release a fix soon.
Original title
A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipula...
Original description
A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack can be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
NVD CVSS 2.0: 7.6
NVD CVSS 3.1: 8.1
NVD CVSS 4.0: 8.2
Vulnerability type
CWE-266: Incorrect Privilege Assignment
CWE-285: Improper Authorization
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026