PT-2026-28464 · Everest · Everest

Finder16 · Published 2026-03-26 · Updated 2026-03-27 · CVE-2026-33014

CVSS v3.1: 5.2 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2026.02.0

Description

EVerest is an EV charging software stack. Before version 2026.02.0, a delayed authorization response that arrives while a RemoteStop is being processed resets the authorized variable to true. This bypasses the condition for calling the stop_transaction() function during PowerOff events, potentially leaving the transaction open even after a remote stop. The authorized variable is central to this issue.

Recommendations

Versions prior to 2026.02.0 should be updated to version 2026.02.0 or later.
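The event ordering described above, as an added example (a simplified model, not EVerest source code and not the fix shipped in 2026.02.0). It assumes the PowerOff handler calls stop_transaction() only when authorized is false; the Session struct and the stop_requested latch are hypothetical names used to contrast the flawed handling with one that ignores late responses.

```cpp
#include <iostream>
#include <vector>

// Simplified model of the flaw described in the advisory; not EVerest code.
// Event names and `authorized` come from the advisory text. The Session
// struct, the `stop_requested` latch and the PowerOff condition are assumed.
enum class Event { AuthResponse, RemoteStop, PowerOff };

struct Session {
    bool hardened;                 // true: late responses are ignored
    bool authorized = false;
    bool stop_requested = false;   // hypothetical latch, set by RemoteStop
    bool transaction_open = true;  // a transaction is already running

    explicit Session(bool h) : hardened(h) {}
    void stop_transaction() { transaction_open = false; }

    void handle(Event e) {
        switch (e) {
        case Event::AuthResponse:
            // Flawed form: any response, however late, re-authorizes.
            if (!hardened || !stop_requested) authorized = true;
            break;
        case Event::RemoteStop:
            authorized = false;
            stop_requested = true;
            break;
        case Event::PowerOff:
            // Assumed condition: stop only when no longer authorized.
            if (!authorized) stop_transaction();
            break;
        }
    }
};

// Replays a constructed event sequence; true if the transaction stays open.
bool left_open(bool hardened, const std::vector<Event>& seq) {
    Session s(hardened);
    for (Event e : seq) s.handle(e);
    return s.transaction_open;
}

int main() {
    const std::vector<Event> delayed = {Event::AuthResponse, Event::RemoteStop,
                                        Event::AuthResponse, Event::PowerOff};
    std::cout << "flawed:   open=" << left_open(false, delayed) << "\n";
    std::cout << "hardened: open=" << left_open(true, delayed) << "\n";
}
```
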

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

CVE-2026-33014
GHSA-43XM-5M3V-52HM

Affected products

Everest