Security Flaw in Besen BS20 EV Charging Station Firmware Component
CVE-2026-9396

6.3MEDIUM

Key Information:

Vendor

Besen

Status
Bs20 Ev Charging Station
Vendor
CVE Published:
24 May 2026

What is CVE-2026-9396?

A security vulnerability has been identified in the Besen BS20 EV Charging Station that affects its firmware version check functionality. This flaw allows for improper restrictions on rendered UI layers, which could potentially be exploited remotely. While the complexity of the attack is considered high, exploiting the vulnerability appears to be challenging. The issue was acknowledged by Besen, who is currently reviewing the reported vulnerabilities as of April 2026.

Affected Version(s)

BS20 EV Charging Station 20260426

References

https://vuldb.com/vuln/365377
vdb-entry
https://vuldb.com/vuln/365377/cti
signaturepermissions-required
https://vuldb.com/submit/813575
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

carfeii (VulDB User)
VulDB CNA Team
.