CVE-2026-9039

Published: 2026-05-28 · Last updated: 2026-05-29

Severity and scoring

CWE
CWE-1188

Description

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-46517 LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
  • CVE-2026-36616 Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS... (5.9 MEDIUM)
  • CVE-2026-36612 Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 1... (6.4 MEDIUM)
  • CVE-2026-44825 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0... (8.1 HIGH)
  • CVE-2026-35672 phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unaut... (7.5 HIGH)