ByteOS Network

Vulnerability Details :

CVE-2026-9394

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-24 May, 2026 | 19:30

Updated At-24 May, 2026 | 19:30

Besen BS20 EV Charging Station Bluetooth Low Energy weak password

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is characterized by high complexity. The exploitability is said to be difficult. The original disclosure mentions, that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026."

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:24 May, 2026 | 19:30

Updated At:24 May, 2026 | 19:30

▼CVE Numbering Authority (CNA)

Besen BS20 EV Charging Station Bluetooth Low Energy weak password

Affected Products

Vendor

Besen

Product

BS20 EV Charging Station

CPEs

cpe:2.3:a:besen:bs20_ev_charging_station:*:*:*:*:*:*:*:*

Modules

Bluetooth Low Energy Handler

Versions

Affected

20260426

Problem Types

Type	CWE ID	Description
CWE	CWE-521	Weak Password Requirements

Type: CWE

CWE ID: CWE-521

Description: Weak Password Requirements

Metrics

Version	Base score	Base severity	Vector
4.0	2.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.1	3.1	LOW	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
3.0	3.1	LOW	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2.0	1.8	N/A	AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Version: 3.0

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Version: 2.0

Base score: 1.8

Base severity: N/A

Vector:

AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Credits

reporter

carfeii (VulDB User)

coordinator

VulDB CNA Team

Timeline

Event	Date
Advisory disclosed	2026-05-24 00:00:00
VulDB entry created	2026-05-24 02:00:00
VulDB entry last update	2026-05-24 08:24:09

Event: Advisory disclosed

Date: 2026-05-24 00:00:00

Event: VulDB entry created

Date: 2026-05-24 02:00:00

Event: VulDB entry last update

Date: 2026-05-24 08:24:09

References

Hyperlink	Resource
https://vuldb.com/vuln/365375	vdb-entry
https://vuldb.com/vuln/365375/cti	signature permissions-required
https://vuldb.com/submit/813569	third-party-advisory
https://github.com/carfeii/besen#finding-1-weak-authentication-mechanism-in-besen-home-ev-charging-station-via-ble	related

Hyperlink: https://vuldb.com/vuln/365375

Resource:

vdb-entry

Hyperlink: https://vuldb.com/vuln/365375/cti

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/submit/813569

Resource:

third-party-advisory

Hyperlink: https://github.com/carfeii/besen#finding-1-weak-authentication-mechanism-in-besen-home-ev-charging-station-via-ble

Resource:

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:24 May, 2026 | 20:16

Updated At:24 May, 2026 | 20:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	1.3	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.1	LOW	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	2.0	1.8	LOW	AV:A/AC:H/Au:N/C:P/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 1.3

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 2.0

Base score: 1.8

Base severity: LOW

Vector:

AV:A/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-521	Primary	cna@vuldb.com

CWE ID: CWE-521

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/carfeii/besen#finding-1-weak-authentication-mechanism-in-besen-home-ev-charging-station-via-ble	cna@vuldb.com	N/A
https://vuldb.com/submit/813569	cna@vuldb.com	N/A
https://vuldb.com/vuln/365375	cna@vuldb.com	N/A
https://vuldb.com/vuln/365375/cti	cna@vuldb.com	N/A

Hyperlink: https://github.com/carfeii/besen#finding-1-weak-authentication-mechanism-in-besen-home-ev-charging-station-via-ble

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/submit/813569

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/vuln/365375

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/vuln/365375/cti

Source: cna@vuldb.com

Resource: N/A

CVE-2026-9394

Credits

Besen BS20 EV Charging Station Bluetooth Low Energy weak password

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs