Description
A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
Published: 2026-05-24
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the BLE/UDP component of the Besen BS20 EV Charging Station lets an attacker on the same local network manipulate the system and read stored credentials that are not sufficiently protected. The weakness is classified as CWE-522 (Insufficiently Protected Credentials): credential handling is insecure, potentially exposing passwords or authentication tokens used by the device. The impact is limited to local credential disclosure, which could be used to gain further control over the charging station or impersonate legitimate users.

Affected Systems

The vulnerability affects Besen BS20 EV Charging Station models shipped with firmware versions up to 20260426. No specific patch or version beyond this date is indicated in the data, so all devices up to and including this firmware release are considered vulnerable.

Risk and Exploitability

The CVSS base score of 5.1 indicates moderate risk. The EPSS score is not available, so this record carries no exploitation-probability estimate. The vulnerability is not listed in CISA KEV, so exploitation in the wild has not been confirmed; the CVSS vectors in this record do, however, carry a proof-of-concept exploit maturity value (E:P). The attack requires local network access (AV:A in the vectors), typically via BLE or UDP, so an adversary would need physical proximity or compromised local infrastructure to exploit it.

Generated by OpenCVE AI on May 24, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released patch or firmware update for the BS20 EV Charging Station as soon as it becomes available
  • Disable or restrict the BLE/UDP interfaces so that only trusted or authenticated devices can communicate with the charging station
  • Isolate the charging station from untrusted network segments by implementing network segmentation or firewall rules
  • Monitor BLE/UDP traffic for suspicious activity and alert on anomalous credential requests


Advisories

No advisories yet.

History

Sun, 24 May 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026." |
| Title | | Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials |
| First Time appeared | | Besen; Besen bs20 Ev Charging Station |
| Weaknesses | | CWE-522 |
| CPEs | | cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:* |
| Vendors & Products | | Besen; Besen bs20 Ev Charging Station |
| References | | |
| Metrics | | cvssV2_0: {'score': 2.7, 'vector': 'AV:A/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 3.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 3.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T20:00:11.355Z

Reserved: 2026-05-24T06:18:55.457Z

Link: CVE-2026-9395

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T21:30:08Z

Weaknesses