Carfeii

**Name of the Vulnerable Software and Affected Versions** Besen BS20 EV Charging Station versions prior to 20260426 **Description** An issue exists in the Bluetooth Low Energy Handler component where a manipulation can lead to weak password requirements. This attack requires local network access and is characterized by high complexity and difficult exploitability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Besen BS20 EV Charging Station versions prior to 20260426 **Description** An issue exists in the BLE/UDP component where an unknown function allows for the manipulation of insufficiently protected credentials. This attack must be initiated from within the local network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Besen BS20 EV Charging Station versions prior to 20260426 **Description** A security flaw exists in the Firmware Version Check component of the device. Remote manipulation of an unknown functionality within this component can lead to improper restriction of rendered UI layers. This attack is characterized by high complexity and is considered difficult to exploit. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Besen BS20 EV Charging Station versions prior to 20260426 **Description** An improper authorization issue exists in the OTA Update Installation Handler component. This flaw allows a remote attacker to perform unauthorized manipulations, although the attack requires a high degree of complexity and is difficult to exploit. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Besen BS20 EV Charging Station versions prior to 20260426 **Description** A security issue exists in the BLE/WiFi component that allows for an authentication bypass via a capture-replay attack. This type of attack, where a valid transmission is recorded and later re-sent to deceive a system, requires the attacker to be within the local network. Exploitation is considered highly complex and difficult. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.