Insufficient Credential Protection in Besen BS20 EV Charging Station
CVE-2026-9395

5.1MEDIUM

Key Information:

Vendor

Besen

Status
Bs20 Ev Charging Station
Vendor
CVE Published:
24 May 2026

What is CVE-2026-9395?

A vulnerability exists in the Besen BS20 EV Charging Station that affects the BLE/UDP component, allowing insufficiently protected credential exposure. This flaw requires an attacker to be within the local network to exploit. Users may be subjected to unauthorized access due to weak protections around sensitive information. Besen has acknowledged the issue and is currently assessing potential fixes for the affected product.

Affected Version(s)

BS20 EV Charging Station 20260426

References

https://vuldb.com/vuln/365376
vdb-entry
https://vuldb.com/vuln/365376/cti
signaturepermissions-required
https://vuldb.com/submit/813572
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

carfeii (VulDB User)
VulDB CNA Team
.