Improper Authorization Flaw in Besen BS20 EV Charging Station
CVE-2026-9397

9.2 CRITICAL

Key Information:

Vendor: Besen
CVE Published: 24 May 2026

What is CVE-2026-9397?

A vulnerability exists in the OTA Update Installation Handler of the Besen BS20 EV Charging Station. The weakness is improper authorization, which may allow an attacker to manipulate the device remotely. Attack complexity is high, and exploitation requires advanced techniques. Besen has acknowledged the vulnerability and is currently reviewing the issue. Proper safeguards and updates are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

BS20 EV Charging Station 20260426

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

carfeii (VulDB User)
VulDB CNA Team