CVE-2026-9395
3.5 LOWA vulnerability was identified in Besen BS20 EV Charging Station up to 20260426
Published: 2026-05-24 · Last updated: 2026-05-26
Severity and scoring
- CVSS
- 3.5 LOW
- Vector
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-522
Description
A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions, that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026."
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)
- CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the N... (6.5 MEDIUM)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)
- CVE-2026-46511 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-7313 — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote a... (8.7 HIGH)