Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable OCPP message with low complexity, but sending the ReserveLogin DataTransfer needs a privileged/trusted CSMS session (PR:H); root execution gives full C/I/A impact with unchanged scope.
Primary rating from Vendor (DIVD).
CVSS VectorVendor: DIVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.
AnalysisAI
OS command injection in the EVBEE DC-80 electric-vehicle DC charger lets an actor who can send OCPP messages execute arbitrary commands as root by tampering with the data value of the vendor-specific ReserveLogin DataTransfer message. The flaw was reported by DIVD (Dutch Institute for Vulnerability Disclosure) and affects the charger's OCPP handling; no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the ability to send an OCPP `DataTransfer` message with the vendor-specific action `ReserveLogin` to the EVBEE DC-80, and to control that message's data value - i.e. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N, VC:H/VI:H/VA:H, score 8.6) indicates a network-reachable, low-complexity attack requiring high privileges and no user interaction, yielding full confidentiality, integrity and availability loss on the charger. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained control of the CSMS backend, or who can otherwise inject OCPP messages onto the trusted management channel, sends a `DataTransfer` message with vendor action `ReserveLogin` whose data field embeds shell metacharacters and an OS command. The charger passes the value into a shell and runs the command as root, giving the attacker full control of the charging station firmware. … |
| Remediation | No vendor-released patch version is identified in the provided data; consult the DIVD advisory at https://csirt.divd.nl/DIVD-2026-00001/ and EVBEE for firmware updates and apply any released fix as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all EVBEE DC-80 units in operation, document which are actively connected to OCPP networks, and prioritize isolation of units serving critical operations or high-traffic locations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Command injection in the evbee DC-80 EV charger allows remote unauthenticated attackers to execute arbitrary operating-s
Arbitrary code execution in the EVBEE DC-80 EV charging station stems from a firmware update mechanism that ships withou
Arbitrary file write in the Evbee DC-80 EV charging station lets remote unauthenticated attackers overwrite any file on
Missing authentication on the evbee DC-80 EV charging station exposes an administrative web server on TCP port 8090 that
Remote code execution in the evbee DC-80 EV charging station is possible through a command injection flaw in the network
Sensitive-data logging in the Evbee DC-80 DC EV charger writes secrets such as user passwords and charging card (RFID) U
Bluetooth authentication bypass in the Evbee DC-80 DC EV charging station lets an attacker within radio range issue priv
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43327