Swtchenergy.Com
CVE-2026-27773
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
Switchenergy.Com exposes charging station authentication credentials through publicly accessible web-based mapping platforms, allowing unauthenticated attackers to discover and potentially intercept sensitive authentication data. This vulnerability affects users and operators relying on the platform's mapping functionality and could enable unauthorized access to charging infrastructure. No patch is currently available to address this exposure.
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Swtchenergy.Com. Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Swtchenergy.Com
View allMissing WebSocket authentication — fourth CVE in the industrial platform WebSocket family. Same CWE-306 root cause enabl
Switchenergy.com's WebSocket API fails to implement rate limiting on authentication attempts, enabling attackers to laun
Session hijacking in Swtchenergy.Com's WebSocket backend allows remote attackers to impersonate legitimate charging stat
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today