Description
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Published: 2026-03-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Credential Disclosure
Action: Assess Impact
AI Analysis

Impact

The vulnerability permits public discovery of charging station authentication identifiers through web-based mapping services. An attacker can read these identifiers without authenticating, exposing the credentials used by the charging infrastructure. The underlying weakness is Insufficiently Protected Credentials (CWE-522).

Affected Systems

Mobiliti e-mobi.hu charging station platforms are affected. The CNA lists the product but does not specify version details; all current models appear to be impacted as they expose authentication identifiers via their web mapping interfaces.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. The EPSS score of less than 1% suggests a very low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Exploitation is inferred to be remote, through the public web interface, and to require no prior credentials. Successful exploitation can leak sensitive authentication data and potentially compromise the integrity of the charging service. No known public exploits have been reported, but the exposure warrants attention.

Generated by OpenCVE AI on April 16, 2026 at 04:37 UTC.

Remediation

Vendor Workaround

Mobiliti did not respond to CISA's request for coordination. Contact Mobiliti using their contact page here: https://mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat for more information.


OpenCVE Recommended Actions

  • Contact Mobiliti through their support page to request a fix or guidance
  • Restrict or remove public access to the web-based mapping interface that exposes authentication identifiers
  • Implement network segmentation or firewall rules to restrict internal networks' access to the exposed mapping services
  • Enable logging and intrusion detection for unexpected credential access attempts

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mobiliti; Mobiliti e-mobi.hu
Vendors & Products | | Mobiliti; Mobiliti e-mobi.hu

Fri, 06 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Title | | Mobiliti e-mobi.hu Insufficiently Protected Credentials
Weaknesses | | CWE-522
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-12T15:54:09.223Z

Reserved: 2026-02-24T00:30:38.926Z

Link: CVE-2026-27777

Vulnrichment

Updated: 2026-03-12T15:53:57.315Z

NVD

Status: Awaiting Analysis

Published: 2026-03-06T16:16:11.497

Modified: 2026-03-12T16:16:10.617

Link: CVE-2026-27777

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:45:16Z

Weaknesses