Skip to main content

evbee DC-80 CVE-2026-22095

| EUVDEUVD-2026-43326 CRITICAL
Command Injection (CWE-77)
2026-07-13 DIVD
9.3
CVSS 4.0 · Vendor: DIVD
Share

Severity by source

Vendor (DIVD) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.8 CRITICAL

Remote, unauthenticated, low-complexity command injection on a network-reachable endpoint yields full device C/I/A loss; scope unchanged as the impact stays within the vulnerable firmware.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (DIVD).

CVSS VectorVendor: DIVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 13, 2026 - 12:01 EUVD
Analysis Generated
Jul 13, 2026 - 11:13 vuln.today
CVE Published
Jul 13, 2026 - 09:10 cve.org
CRITICAL 9.3

DescriptionCVE.org

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection.

AnalysisAI

Remote code execution in the evbee DC-80 EV charging station is possible through a command injection flaw in the network diagnosis endpoint exposed on the web server at TCP port 8090. Because the CVSS 4.0 vector specifies no privileges and no user interaction (AV:N/PR:N/UI:N), a remote unauthenticated attacker who can reach port 8090 can inject operating-system commands and fully compromise the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach charger web server on port 8090
Delivery
Submit crafted input to network-diagnosis endpoint
Exploit
Inject OS command via shell metacharacters
Execution
Execute arbitrary commands on firmware
Impact
Full device compromise and network pivot

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to TCP port 8090 (the web server hosting the network-diagnosis endpoint) on an evbee DC-80 charging station; the attacker submits input to that diagnosis function containing OS command separators. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals converge on genuine high severity: the CVSS 4.0 base vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H, score 9.3 Critical) describes a network-reachable, low-complexity, unauthenticated attack with total loss of confidentiality, integrity, and availability of the device, and no attack requirements. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the charger's management interface - for example an internet-exposed unit found via internet-wide scanning, or a malicious actor on the same operator network - sends a crafted request to the network-diagnosis endpoint on port 8090, appending shell metacharacters to the diagnostic input. The injected commands run in the firmware's OS context, letting the attacker execute arbitrary code, pivot into the charging network, or disrupt the device. …
Remediation No vendor-released patch identified at time of analysis, so remediation currently centers on exposure reduction: consult the DIVD advisory at https://csirt.divd.nl/DIVD-2026-00001/ for the latest vendor status and apply any evbee firmware update as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all evbee DC-80 charging stations in your environment and configure firewall rules to isolate TCP port 8090 from untrusted networks; create a complete inventory documenting location, network access, and connectivity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22095 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy