Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
Analysis (AI)
CTEK Chargeportal's OCPP WebSocket endpoints accept unauthenticated connections, allowing remote attackers to impersonate charging stations by connecting with known or discovered station identifiers and issuing fraudulent OCPP commands to the backend infrastructure. This authentication bypass enables complete control over charging operations, data manipulation, and privilege escalation across the charging network. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata (visualization not reproduced in this text).
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | No special conditions; remote, unauthenticated exploitation against default configurations of CTEK Chargeportal. … |
| Risk Assessment | This vulnerability presents a complex risk profile requiring nuanced assessment across multiple signals. … |
| Exploit Scenario | An attacker scans internet-facing IP ranges to identify CTEK Chargeportal deployments exposing OCPP WebSocket endpoints (typically TCP ports 80/443 with specific URL paths). Using publicly available OCPP protocol specifications and observed charging station identifier patterns (often sequential or location-based), the attacker establishes WebSocket connections impersonating multiple legitimate chargers. … |
| Remediation | Immediately contact CTEK support at https://www.ctek.com/support to obtain patching guidance and version upgrade information, as vendor advisory details are not publicly specified in available references. … |
Recommended Action (AI)
24 hours: Isolate all CTEK Chargeportal systems from untrusted networks; enable network-based access controls restricting OCPP WebSocket connections to known, authorized station identifiers only; begin inventory of all active charging stations and connected devices. …
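Network-level restriction is a stop-gap; the defect itself is that the backend accepts a WebSocket upgrade on the station identifier in the URL path alone. The following is an added example (not CTEK's or any OCPP library's code) of the check a CSMS should perform before accepting the upgrade: require HTTP Basic credentials, as OCPP 2.0.1 security profiles 1 and 2 specify, and bind them to the identity in the path. The station registry, salt, identifier and password are constructed for the example.

```python
import base64
import hashlib
import hmac
import logging
from typing import Mapping, Optional

log = logging.getLogger("csms.auth")
OCPP_SUBPROTOCOLS = {"ocpp1.6", "ocpp2.0.1"}
_SALT = b"constructed-salt-0001"  # constructed; use a random per-station salt in practice

def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample registry: station identity -> (salt, PBKDF2 hash of its Basic-auth password).
STATION_REGISTRY = {"CP-SE-0001": (_SALT, _pbkdf2("constructed-station-secret", _SALT))}

def basic_header(user: str, password: str) -> str:
    """Build the Authorization header a station sends on its WebSocket upgrade request."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def _reject(station_id: str, reason: str) -> None:
    # One structured log line per refused upgrade gives the SOC a hook to alert on impersonation attempts.
    log.warning("ocpp upgrade rejected station=%s reason=%s", station_id, reason)
    return None

def authorize_upgrade(path: str, headers: Mapping[str, str]) -> Optional[str]:
    """Return the authenticated station id, or None if the WebSocket upgrade must be refused.
    Checks: an OCPP subprotocol is offered, the path identity is registered, and the Basic
    credentials belong to that same identity (compared in constant time)."""
    h = {k.lower(): v for k, v in headers.items()}
    station_id = path.rstrip("/").rsplit("/", 1)[-1]
    offered = {p.strip() for p in h.get("sec-websocket-protocol", "").split(",")}
    if not offered & OCPP_SUBPROTOCOLS:
        return _reject(station_id, "no-ocpp-subprotocol")
    entry = STATION_REGISTRY.get(station_id)
    auth = h.get("authorization", "")
    if entry is None or not auth.startswith("Basic "):
        # The vulnerable behaviour is accepting the connection here on the path identity alone.
        return _reject(station_id, "unknown-station-or-no-credentials")
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return _reject(station_id, "malformed-basic-credentials")
    salt, expected = entry
    # Username must equal the path identity, so one station's credential cannot impersonate another.
    ident_ok = hmac.compare_digest(user.encode(), station_id.encode())
    if not (ident_ok and hmac.compare_digest(_pbkdf2(password, salt), expected)):
        return _reject(station_id, "credential-mismatch")
    return station_id
```

Only a connection that passes `authorize_upgrade` should be allowed to send or receive OCPP CALL messages; everything else is refused before the first frame is read.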
More in Chargeportal
- Missing rate limiting in CTEK Chargeportal's WebSocket API enables remote attackers to launch denial-of-service attacks
- A session management vulnerability in CTEK ChargePortal's WebSocket backend allows attackers to hijack charging station
- Authentication identifiers for electric vehicle charging stations are publicly exposed through web-based mapping platfor
Same technique: Authentication Bypass
EUVD-2026-13846