CTEK Chargeportal WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks
Vulnerability
A vulnerability exists in the WebSocket API of CTEK Chargeportal, all versions, due to a lack of rate limiting on authentication requests. This flaw could enable attackers to perform denial-of-service attacks by disrupting or misdirecting legitimate charger telemetry, or to execute brute-force attacks to gain unauthorized access.
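The missing control, sketched as an added example (not CTEK's code and not derived from Chargeportal's implementation): a sliding-window cap on failed authentications, applied before credentials are checked and keyed by both source address and claimed station identity. The class and function names, the thresholds and the sample identifiers are assumptions for illustration.

```python
import time
from collections import deque


class AuthFailureLimiter:
    """Sliding-window cap on failed authentications per source and per station."""

    def __init__(self, per_source=5, per_station=20, window_s=60.0,
                 clock=time.monotonic):
        # Thresholds are assumed values. The per-station cap is looser than the
        # per-source cap: a tight per-identity limit would let anyone lock out a
        # real charger by failing logins under its identity.
        self.limits = {"src": per_source, "id": per_station}
        self.window_s = window_s
        self.clock = clock
        self._failures = {}  # (kind, value) -> deque of failure timestamps

    def _count(self, key, now):
        q = self._failures.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if not q:
            del self._failures[key]  # dropped lazily, on the next lookup
        return len(q)

    def allow(self, source_addr, station_id):
        """Call before verifying credentials; False means refuse unverified."""
        now = self.clock()
        return (self._count(("src", source_addr), now) < self.limits["src"]
                and self._count(("id", station_id), now) < self.limits["id"])

    def record_failure(self, source_addr, station_id):
        now = self.clock()
        for key in (("src", source_addr), ("id", station_id)):
            self._failures.setdefault(key, deque()).append(now)


def simulate(limiter, attempts):
    """attempts: iterable of (source, station_id, credentials_ok) tuples."""
    decisions = []
    for source, station, ok in attempts:
        if not limiter.allow(source, station):
            decisions.append("throttled")
        elif ok:
            decisions.append("accepted")
        else:
            limiter.record_failure(source, station)
            decisions.append("rejected")
    return decisions
```

Keys that are never looked up again are not pruned by this sketch, so a long-running service would also need a periodic sweep or a bounded store.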
Impact
Exploitation of this vulnerability could lead to unauthorized administrative control over affected charging stations or cause disruptions in charging services, similar to a denial-of-service attack.
Remediation
CTEK will be discontinuing this product in April 2026. For more information, please contact CTEK support.
