Skip to main content

Swtchenergy.Com CVE-2026-25113

HIGH
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-02-27 ics-cert@hq.dhs.gov
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 00:16 nvd
HIGH 7.5

DescriptionCVE.org

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

AnalysisAI

Switchenergy.com's WebSocket API fails to implement rate limiting on authentication attempts, enabling attackers to launch denial-of-service attacks against the platform's charger telemetry infrastructure or execute brute-force credential attacks. This network-accessible vulnerability requires no authentication or user interaction, making it trivial to exploit and potentially exposing the service to sustained availability disruptions or account compromise.

Technical ContextAI

Classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Affects Swtchenergy.Com. The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-25113 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy