CVE-2026-9395 | Besen BS20 EV Charging Station up to 20260426 BLE/UDP insufficiently protected credentials

A vulnerability has been found in Besen BS20 EV Charging Station up to 20260426 and classified as problematic. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials.

This vulnerability is referenced as CVE-2026-9395. The attack needs to be initiated within the local network. Furthermore, an exploit is available.

The original disclosure mentions, that “[t]hese vulnerabilities have been reported to Besen and we have received their acknowlegement that they are reviewing this as of April 2026.”

CVE-2026-9395 | Besen BS20 EV Charging Station up to 20260426 BLE/UDP insufficiently protected credentials

Post correlati

CVE-2025-21407 | Microsoft

CVE-2025-6334 | D-Link DIR-867 1.0 Query String strncpy stack-based overflow

CVE-2024-34402 | uriparser up to 0.9.7 UriQuery.c ComposeQueryEngine integer overflow (ID 183)

CVE-2024-43384 | Phoenix Contact FL MGUARD 2102 up to 10.4.0 improper removal of sensitive information before storage or transfer (VDE-2024-039)