Bs20 Ev Charging Station
Monthly
Unauthenticated capture-replay authentication bypass in the Besen BS20 EV Charging Station (firmware up to 20260426) exposes the device's BLE/WiFi interface to unauthorized command injection. An attacker physically adjacent to the charger can intercept and replay wireless authentication tokens to issue tampered charging commands without valid credentials. No patch has been released as of the analysis date; the vendor acknowledged the report in April 2026 and confirmed they are reviewing it. Publicly available proof-of-concept code exists (CVSS E:P), though exploitation probability remains very low (EPSS 0.03%, 11th percentile), consistent with the high attack complexity and adjacent-only access requirement.
Improper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426 allows remote attackers to install spoofed firmware updates on affected charging stations. The flaw is network-reachable with no authentication required, but exploitation carries high attack complexity (CVSS 4.0 8.2), and publicly available exploit code exists via the original researcher disclosure on GitHub. EPSS rates exploitation probability at only 0.04% (12th percentile), and CISA SSVC flags exploitation status as 'none' despite the public proof-of-concept.
UI layer spoofing in the Besen BS20 EV Charging Station's Firmware Version Check component allows remote unauthenticated attackers to manipulate rendered UI layers (CWE-1021), producing falsified firmware version displays with a limited integrity impact on the vulnerable system. All firmware builds up to 20260426 are affected per ENISA EUVD-2026-31552, with a publicly documented proof-of-concept available on GitHub. Vendor acknowledgment was received as of April 2026 with no released patch confirmed - attack complexity is rated High and EPSS exploitation probability sits at 0.03% (8th percentile), indicating negligible real-world exploitation likelihood at this time.
Cleartext credential exposure in the Besen BS20 EV Charging Station's BLE and UDP interfaces allows an adjacent-network attacker with low privileges to intercept authentication material transmitted without adequate protection. All firmware versions up to 20260426 are affected per EUVD-2026-31547 and NVD CPE data. Publicly available exploit code exists per a researcher's GitHub disclosure; however, no CISA KEV listing and an EPSS of 0.01% (3rd percentile) indicate no confirmed widespread exploitation at time of analysis.
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.
Unauthenticated capture-replay authentication bypass in the Besen BS20 EV Charging Station (firmware up to 20260426) exposes the device's BLE/WiFi interface to unauthorized command injection. An attacker physically adjacent to the charger can intercept and replay wireless authentication tokens to issue tampered charging commands without valid credentials. No patch has been released as of the analysis date; the vendor acknowledged the report in April 2026 and confirmed they are reviewing it. Publicly available proof-of-concept code exists (CVSS E:P), though exploitation probability remains very low (EPSS 0.03%, 11th percentile), consistent with the high attack complexity and adjacent-only access requirement.
Improper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426 allows remote attackers to install spoofed firmware updates on affected charging stations. The flaw is network-reachable with no authentication required, but exploitation carries high attack complexity (CVSS 4.0 8.2), and publicly available exploit code exists via the original researcher disclosure on GitHub. EPSS rates exploitation probability at only 0.04% (12th percentile), and CISA SSVC flags exploitation status as 'none' despite the public proof-of-concept.
UI layer spoofing in the Besen BS20 EV Charging Station's Firmware Version Check component allows remote unauthenticated attackers to manipulate rendered UI layers (CWE-1021), producing falsified firmware version displays with a limited integrity impact on the vulnerable system. All firmware builds up to 20260426 are affected per ENISA EUVD-2026-31552, with a publicly documented proof-of-concept available on GitHub. Vendor acknowledgment was received as of April 2026 with no released patch confirmed - attack complexity is rated High and EPSS exploitation probability sits at 0.03% (8th percentile), indicating negligible real-world exploitation likelihood at this time.
Cleartext credential exposure in the Besen BS20 EV Charging Station's BLE and UDP interfaces allows an adjacent-network attacker with low privileges to intercept authentication material transmitted without adequate protection. All firmware versions up to 20260426 are affected per EUVD-2026-31547 and NVD CPE data. Publicly available exploit code exists per a researcher's GitHub disclosure; however, no CISA KEV listing and an EPSS of 0.01% (3rd percentile) indicate no confirmed widespread exploitation at time of analysis.
Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.