Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions, that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026."
AnalysisAI
Cleartext credential exposure in the Besen BS20 EV Charging Station's BLE and UDP interfaces allows an adjacent-network attacker with low privileges to intercept authentication material transmitted without adequate protection. All firmware versions up to 20260426 are affected per EUVD-2026-31547 and NVD CPE data. Publicly available exploit code exists per a researcher's GitHub disclosure; however, no CISA KEV listing and an EPSS of 0.01% (3rd percentile) indicate no confirmed widespread exploitation at time of analysis.
Technical ContextAI
The Besen BS20 is a home EV charging station that communicates over Bluetooth Low Energy (BLE) and UDP for local pairing, configuration, and authentication workflows - common IoT patterns for mobile-app-driven smart charging devices. CWE-522 (Insufficiently Protected Credentials) at its root means the device transmits or stores credentials without encryption or adequate obfuscation, making them recoverable by passive or active traffic interception. The researcher's GitHub disclosure (github.com/carfeii/besen, Finding 2) specifically identifies cleartext credential transmission across both the BLE and UDP protocol paths, implicating the application-layer handling of authentication data rather than a transport-layer cryptographic failure per se. The CPE string cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:* confirms the affected component is the device's software/firmware stack. BLE and UDP are inherently broadcast-friendly protocols; without explicit credential encryption layered on top, any adjacent receiver can passively harvest exchanged secrets during pairing or session establishment events.
RemediationAI
No vendor-released patch has been identified at time of analysis. Besen acknowledged the report and stated they are reviewing it as of April 2026, but no fix version or remediation timeline has been publicly confirmed - patch availability should be monitored via VulDB (https://vuldb.com/vuln/365376) and the NVD entry. As compensating controls: isolate the BS20 charging station on a dedicated VLAN or network segment accessible only to trusted client devices, directly reducing the population of potential adjacent-network attackers with access to UDP traffic. Disable or limit BLE pairing mode when active mobile-app pairing is not in progress, reducing the window during which BLE credential exchanges can be intercepted. If the LAN uses Wi-Fi, enforce WPA2 or WPA3 authentication to raise the barrier to passive UDP sniffing - though note this does not protect against attackers already legitimately connected to the network. Monitor local network traffic for anomalous UDP activity to or from the charging station as a detection measure. None of these workarounds eliminate the underlying cleartext credential transmission; they reduce attacker opportunity until a firmware fix is released.
More in Bs20 Ev Charging Station
View allImproper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426
UI layer spoofing in the Besen BS20 EV Charging Station's Firmware Version Check component allows remote unauthenticated
Unauthenticated capture-replay authentication bypass in the Besen BS20 EV Charging Station (firmware up to 20260426) exp
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31547
GHSA-cvv7-f8m3-cjxx