Skip to main content

CTEK Chargeportal EUVDEUVD-2026-13846

| CVE-2026-25192 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-03-20 icscert
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
May 06, 2026 - 15:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 06, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
May 06, 2026 - 15:22 NVD
9.4 (CRITICAL) 9.3 (CRITICAL)
EUVD ID Assigned
Mar 20, 2026 - 23:01 euvd
EUVD-2026-13846
Analysis Generated
Mar 20, 2026 - 23:01 vuln.today
CVE Published
Mar 20, 2026 - 22:42 nvd
CRITICAL 9.4

DescriptionCVE.org

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.

AnalysisAI

CTEK Chargeportal's OCPP WebSocket endpoints accept unauthenticated connections, allowing remote attackers to impersonate charging stations by connecting with known or discovered station identifiers and issuing fraudulent OCPP commands to the backend infrastructure. This authentication bypass enables complete control over charging operations, data manipulation, and privilege escalation across the charging network. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Scan for exposed OCPP endpoints
Delivery
Enumerate station identifiers
Exploit
Connect via WebSocket as impersonated charger
Execution
Send fraudulent OCPP commands
Impact
Manipulate charging operations and backend data

Vulnerability AssessmentAI

Exploitation No special conditions-remote unauthenticated exploitation against default configurations of CTEK Chargeportal. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability presents a complex risk profile requiring nuanced assessment across multiple signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker scans internet-facing IP ranges to identify CTEK Chargeportal deployments exposing OCPP WebSocket endpoints (typically TCP ports 80/443 with specific URL paths). Using publicly available OCPP protocol specifications and observed charging station identifier patterns (often sequential or location-based), the attacker establishes WebSocket connections impersonating multiple legitimate chargers. …
Remediation Immediately contact CTEK support at https://www.ctek.com/support to obtain patching guidance and version upgrade information, as vendor advisory details are not publicly specified in available references. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Isolate all CTEK Chargeportal systems from untrusted networks; enable network-based access controls restricting OCPP WebSocket connections to known, authorized station identifiers only; begin inventory of all active charging stations and connected devices. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-13846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy