Authentication Bypass Vulnerability in Besen BS20 EV Charging Station
CVE-2026-9398

2.3 LOW

Key Information:

Vendor: Besen
CVE Published: 24 May 2026

What is CVE-2026-9398?

A security vulnerability has been identified in the Besen BS20 EV Charging Station, affecting its BLE/WiFi components. The flaw allows an authentication bypass through capture-replay attacks carried out locally within the network. Although the attack complexity is high, successful manipulation can expose sensitive interactions with the device. Besen has acknowledged the vulnerability and is actively reviewing the issue as of April 2026. Users should remain vigilant in securing their local network environments to mitigate potential exploits.

Affected Version(s)

BS20 EV Charging Station 20260426

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

carfeii (VulDB User)
VulDB CNA Team