PT-2026-57670 · Evbee · Evbee Service

Publicado

2026-07-13

·

Atualizado

2026-07-13

·

CVE-2026-22093

CVSS v4.0

9.5

Crítica

VetorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations.
This issue affects EVbee Service: v1.4.101.00.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-22093

Produtos afetados

Evbee Service