Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitation appears to be difficult. The original disclosure mentions, that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026."
AnalysisAI
UI layer spoofing in the Besen BS20 EV Charging Station's Firmware Version Check component allows remote unauthenticated attackers to manipulate rendered UI layers (CWE-1021), producing falsified firmware version displays with a limited integrity impact on the vulnerable system. All firmware builds up to 20260426 are affected per ENISA EUVD-2026-31552, with a publicly documented proof-of-concept available on GitHub. Vendor acknowledgment was received as of April 2026 with no released patch confirmed - attack complexity is rated High and EPSS exploitation probability sits at 0.03% (8th percentile), indicating negligible real-world exploitation likelihood at this time.
Technical ContextAI
CWE-1021 (Improper Restriction of Rendered UI Layers or Frames) describes a vulnerability class where an application fails to prevent an attacker from overlaying or spoofing UI elements presented to users - classically associated with clickjacking but here manifesting as firmware version manipulation and UI spoofing in the device's Firmware Version Check interface. The affected product is identified by CPE cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:*, an embedded EV charging station controller produced by Besen. The Firmware Version Check component, likely exposed via a web-based management interface, does not properly restrict rendered UI layers, enabling an attacker to cause the device to present falsified firmware version information to administrators. The XSS tag applied by VulDB's intelligence pipeline suggests a possible cross-site scripting dimension to the attack surface, though the primary CWE classification points specifically to UI layer restriction failure rather than script injection. Notably, CWE-1021 vulnerabilities canonically require user interaction, which creates a tension with the CVSS 4.0 UI:N assignment that warrants verification against the researcher's published POC.
RemediationAI
No vendor-released patch has been confirmed at the time of analysis - Besen acknowledged receipt of the disclosure and indicated active review as of April 2026, per the original researcher disclosure, but no fix version or timeline has been published. Operators should monitor VulDB advisory https://vuldb.com/vuln/365377 and the Besen vendor channel for patch announcements. As a primary compensating control, restrict network access to the BS20 management interface - specifically the Firmware Version Check endpoint - to trusted administrative VLANs or subnets only, directly reducing exposure given the AV:N attack vector; this limits operational flexibility by requiring administrators to access the interface from approved network segments. Where operationally feasible, disabling remote management access entirely eliminates the attack vector at the cost of requiring local or console-based firmware management. Operators should independently verify device firmware integrity through out-of-band means (e.g., physical inspection, vendor-provided hash verification) rather than relying solely on the web UI display, which is the vector for the falsified output.
More in Bs20 Ev Charging Station
View allImproper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426
Cleartext credential exposure in the Besen BS20 EV Charging Station's BLE and UDP interfaces allows an adjacent-network
Unauthenticated capture-replay authentication bypass in the Besen BS20 EV Charging Station (firmware up to 20260426) exp
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31552
GHSA-8j4m-2qxx-4mqg