CVE-2026-9394 | Besen BS20 EV Charging Station up to 20260426 Bluetooth Low Energy weak password

A vulnerability, which was classified as problematic, was found in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements.

The identification of this vulnerability is CVE-2026-9394. The attack needs to be done within the local network. Furthermore, there is an exploit available.

The original disclosure mentions, that “[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026.”

CVE-2026-9394 | Besen BS20 EV Charging Station up to 20260426 Bluetooth Low Energy weak password

Post correlati

CVE-2021-46954 | Linux Kernel up to 5.11.19/5.12.2 sched sch_fragment out-of-bounds (018bb8da5b58/8e6dfb7beeb6/31fe34a0118e)

CVE-2024-13693 | Kriesi Enfold Plugin up to 6.0.9 on WordPress Setting avia-export-class.php access control

CVE-2025-21600 | Juniper Networks Junos OS/Junos OS Evolved Routing Protocol Daemon out-of-bounds (JSA92870)

CVE-2025-43190 | Apple watchOS up to 18.2 information disclosure