Skip to main content

Dc 80 CVE-2026-22096

| EUVDEUVD-2026-43328 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-07-13 DIVD
9.3
CVSS 4.0 · Vendor: DIVD
Share

Severity by source

Vendor (DIVD) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (DIVD) · only source for this CVE.

CVSS VectorVendor: DIVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 13, 2026 - 12:01 EUVD
Analysis Generated
Jul 13, 2026 - 11:11 vuln.today
CVE Published
Jul 13, 2026 - 09:10 cve.org
CRITICAL 9.3

DescriptionCVE.org

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.

AnalysisAI

Missing authentication on the evbee DC-80 EV charging station exposes an administrative web server on TCP port 8090 that requires no login, allowing remote unauthenticated attackers to read sensitive data such as configured passwords and to upload arbitrary files via multiple endpoints. Reported through the DIVD CSIRT coordinated-disclosure program (DIVD-2026-00001), the flaw carries a CVSS 4.0 base score of 9.3 with a fully network-exploitable, no-privilege vector. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Immediately isolate all evbee DC-80 charging stations from internet-facing network segments and block inbound access to TCP port 8090 at the firewall perimeter; document all affected assets. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22096 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy