Description
A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack can be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
Published: 2026-05-24
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the OTA Update Installation Handler of the Besen BS20 EV Charging Station allows attackers to bypass the authorization controls on firmware installation, enabling them to install arbitrary firmware remotely. This improper authorization can expose the vehicle charging infrastructure to unauthorized changes, resulting in a compromise of confidentiality, integrity, and availability.

Affected Systems

Besen BS20 EV Charging Station models up to firmware version 20260426 are affected. The issue targets the OTA Update Installation Handler component and applies to any device running firmware prior to the fix. No other Besen products listed by the CNA are reported to be impacted.

Risk and Exploitability

The CVSS 4.0 score of 9.2 indicates a critical-severity vulnerability. The EPSS score is not available, but the attack requires remote network access to the OTA service and a high level of complexity. Because the weakness lies in authorization, an attacker who can influence OTA update traffic could install malicious firmware, effectively achieving remote code execution on the charging station. The vulnerability is not listed in CISA KEV, yet any user of the affected models should assume that unauthorized firmware installation could be exploited if the issue is not corrected.

Generated by OpenCVE AI on May 24, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Disable OTA updates until a vendor patch is available
  • Verify that all OTA updates are signed and check cryptographic signatures before installation
  • Restrict OTA update traffic to trusted networks or IP ranges
  • Monitor system logs for unauthorized firmware installation events

Advisories

No advisories yet.

History

Sun, 24 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack can be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
Title | | Besen BS20 EV Charging Station OTA Update Installation improper authorization
First Time appeared | | Besen; Besen bs20 Ev Charging Station
Weaknesses | | CWE-266; CWE-285
CPEs | | cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:*
Vendors & Products | | Besen; Besen bs20 Ev Charging Station
References | |
Metrics | | cvssV2_0: {'score': 7.6, 'vector': 'AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T20:30:10.350Z

Reserved: 2026-05-24T06:19:00.635Z

Link: CVE-2026-9397

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T21:30:08Z

Weaknesses