Description
A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
Published: 2026-05-24
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an intruder to capture valid authentication traffic over the charging station’s BLE/WiFi interface and replay it to gain unauthorized command execution. The flaw lies in the improper handling of authentication data, corresponding to CWE‑287 and CWE‑294. By replaying captured packets, an attacker bypasses the station’s authentication checks without needing to discover credentials.

Affected Systems

The flaw affects Besen BS20 EV Charging Station devices, specifically versions released up to 2026‑04‑26. The vulnerability resides in an unspecified component of the BLE/WiFi subsystem.

Risk and Exploitability

The CVSS score of 2.3 reflects the low overall impact of the flaw. Exploitability is difficult and limited to traffic on the local network. No EPSS score is available, and the issue is not listed in CISA KEV. Even though the attack surface is narrowed to the local network, a determined attacker could elevate privileges by replaying captured authentication packets. Maintaining strong network segmentation mitigates the risk.

Generated by OpenCVE AI on May 24, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict access to the charging station by enabling network isolation or firewalling non‑essential ports
  • Disable the BLE/WiFi interface if it is not required for the charging station’s operation
  • Monitor local network traffic for repeated command packets that resemble replay attempts
  • Apply vendor‑issued firmware updates once the manufacturer releases a fix


Advisories

No advisories yet.

History

Sun, 24 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."
Title Besen BS20 EV Charging Station BLE/WiFi authentication replay
First Time appeared Besen
Besen bs20 Ev Charging Station
Weaknesses CWE-287
CWE-294
CPEs cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:*
Vendors & Products Besen
Besen bs20 Ev Charging Station
References
Metrics cvssV2_0

{'score': 1.8, 'vector': 'AV:A/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.1, 'vector': 'CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T20:45:08.425Z

Reserved: 2026-05-24T06:19:03.634Z

Link: CVE-2026-9398

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T22:30:09Z

Weaknesses