Swtchenergy.Com
CVE-2026-25113
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
AnalysisAI
Switchenergy.com's WebSocket API fails to implement rate limiting on authentication attempts, enabling attackers to launch denial-of-service attacks against the platform's charger telemetry infrastructure or execute brute-force credential attacks. This network-accessible vulnerability requires no authentication or user interaction, making it trivial to exploit and potentially exposing the service to sustained availability disruptions or account compromise.
Technical ContextAI
Classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Affects Swtchenergy.Com. The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Swtchenergy.Com
View allMissing WebSocket authentication — fourth CVE in the industrial platform WebSocket family. Same CWE-306 root cause enabl
Session hijacking in Swtchenergy.Com's WebSocket backend allows remote attackers to impersonate legitimate charging stat
Switchenergy.Com exposes charging station authentication credentials through publicly accessible web-based mapping platf
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today