Besen BS20 EV Charging Station Bluetooth Low Energy Weak Authentication Vulnerability

Vulnerability

A vulnerability exists in the Besen BS20 EV Charging Station, affecting versions through 20260426. The issue lies in the Bluetooth Low Energy (BLE) authentication mechanism, which imposes weak password requirements. The charger comes with a shared default password and mandates a fixed 6-digit numeric format, allowing for only 1,000,000 possible combinations. This limitation makes the device susceptible to brute-force attacks. Furthermore, the BLE authentication handshake can be intercepted and analyzed offline to crack passwords, potentially leading to unauthorized access and control of the charging station.

Impact

Exploitation of this vulnerability could result in unauthorized access to and control over the EV charging station.

Added: May 26, 2026, 8:31 PM
Updated: May 26, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 9.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.