Besen BS20 EV Charging Station BLE and UDP Credential Exposure Vulnerability

Vulnerability

A vulnerability exists in the Besen BS20 EV Charging Station, affecting versions through April 26, 2026. The issue arises from an unknown function in the BLE/UDP component and exposes user credentials in plaintext. Exploitation requires local network access. Operations such as password changes reveal both the old and the new password in cleartext, and the plaintext passwords are frequently broadcast via UDP, making them accessible to any attacker on the same local network.
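
A check a station owner can run over a capture taken on their own network, to confirm whether the password they set appears unencoded in UDP traffic as described above. This is an added example, not code from the advisory or the vendor; the function names, port 9999 and the sample payload layout are assumptions, since the advisory does not document the protocol.

```python
import socket
import struct

def udp_payloads(pcap: bytes):
    """Yield (src, dst, dport, payload) for each IPv4/UDP frame in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        udp = 14 + (frame[14] & 0x0F) * 4                    # skip IP header
        if frame[23] != 17 or len(frame) < udp + 8:          # not UDP
            continue
        dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               dport, frame[udp + 8:])

def find_secret(pcap: bytes, secret: str):
    """Return (src, dst, dport) of every UDP datagram carrying `secret` as-is."""
    needle = secret.encode()
    if not needle:
        raise ValueError("secret must not be empty")
    return [(s, d, p) for s, d, p, data in udp_payloads(pcap) if needle in data]

def _frame(src, dst, dport, payload):
    """Build a minimal Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xff" * 6 + b"\x02" + b"\x00" * 5 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture; port 9999 and the payload layout are made up."""
    frames = [_frame("192.0.2.10", "192.0.2.255", 9999, b"id=1;pw=Test-Secret-1;"),
              _frame("192.0.2.10", "192.0.2.255", 9999, b"id=1;status=idle;")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(find_secret(sample_pcap(), "Test-Secret-1"))
```

Any hit means the configured password crossed the network unencoded; set a throwaway password on the station before capturing so the value under test is not one in use elsewhere.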

Impact

Successful exploitation allows unauthorized access and control of the charging station.

Added: May 26, 2026, 8:31 PM
Updated: May 26, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 9.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.