Description
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations.
This issue affects EVbee Service: v1.4.101.00.
This issue affects EVbee Service: v1.4.101.00.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://csirt.divd.nl/DIVD-2026-00001/ |
|
History
Mon, 13 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Evbee
Evbee evbee Service |
|
| Vendors & Products |
Evbee
Evbee evbee Service |
Mon, 13 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations. This issue affects EVbee Service: v1.4.101.00. | |
| Title | Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app | |
| Weaknesses | CWE-295 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: DIVD
Published:
Updated: 2026-07-13T13:12:56.764Z
Reserved: 2026-01-06T11:08:58.181Z
Link: CVE-2026-22093
Updated: 2026-07-13T13:12:52.821Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T14:38:09Z
Weaknesses
-
CWE-295
Improper Certificate Validation