| عنوان | Besen EV Charging Station BS20 EV Charger Improper Verification of Cryptographic Signature |
|---|
| الوصف | Finding 3: Firmware Version Check Manipulation and UI Spoofing
The mobile app does not validate firmware version responses during update checks. There is no signature checks, though the mobile app reflects that check to be being done.
An attacker can intercept and modify this response to display an arbitrary “newer” version, enabling the upgrade button even when the device is up to date.
This allows UI spoofing and misleading update prompts.
|
|---|
| المصدر | ⚠️ https://github.com/carfeii/besen |
|---|
| المستخدم | carfeii (UID 97470) |
|---|
| ارسال | 26/04/2026 06:12 PM (1 شهر منذ) |
|---|
| الاعتدال | 24/05/2026 08:19 AM (28 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365377 [Besen BS20 EV Charging Station حتى 20260426 Firmware Version Check تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|