Besen BS20 EV Charging Station BLE/WiFi Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Besen BS20 EV Charging Station, affecting versions through 20260426. The vulnerability arises in the BLE/WiFi component, where an attacker can exploit capture-replay techniques to bypass authentication. This manipulation must be executed from within the local network, and while the original disclosure indicates that such attacks are highly complex, the vulnerability remains a significant concern.

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of charging commands, including changes to duration, current, power, and start/stop states, all without authorization.

Added: May 26, 2026, 8:29 PM

Updated: May 26, 2026, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

9.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

9.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Besen BS20 EV Charging Station BLE/WiFi Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

Besen BS20 EV Charging Station

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating