CVE-2026-0778 in JuiceBox 40
Summary
by MITRE • 01/23/2026
Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the telnet service, which listens on TCP port 2000 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23285.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/25/2026
The CVE-2026-0778 vulnerability represents a critical remote code execution flaw in Enel X JuiceBox 40 electric vehicle charging stations that directly impacts the security posture of industrial IoT infrastructure. This vulnerability resides within the telnet service component that operates on TCP port 2000, exposing a fundamental architectural weakness in the device's authentication mechanisms. The absence of proper authentication requirements creates an open pathway for malicious actors to gain unauthorized access to the charging station's operational environment without requiring any credentials or prior authorization. This type of vulnerability is particularly dangerous in industrial control systems and IoT deployments where physical security and network isolation may be inadequate, as it allows attackers to compromise devices from adjacent network segments without additional attack vectors.
The technical exploitation of this vulnerability stems from the inherent design flaw in the telnet service implementation, which fails to enforce authentication checks before establishing remote connections. According to CWE-310, this represents a cryptographic vulnerability related to missing authentication mechanisms, specifically CWE-310-100 which addresses the absence of authentication in network services. The vulnerability's classification aligns with ATT&CK technique T1133 which covers External Remote Services, where attackers can leverage unauthenticated network services to establish persistent access points. When an attacker successfully connects to the telnet service on port 2000, they can execute arbitrary commands with the privileges of the service account, potentially leading to complete system compromise and unauthorized control over the charging station's operations.
The operational impact of this vulnerability extends beyond simple code execution, as it fundamentally undermines the security model of the charging infrastructure and creates potential pathways for broader network compromise. Attackers can leverage this vulnerability to modify charging parameters, disable charging capabilities, or potentially disrupt power delivery to vehicles, which could result in service degradation or denial of service conditions. The vulnerability's severity is amplified by the fact that it requires no authentication, making it particularly attractive to attackers who may be conducting reconnaissance or attempting to establish persistent access points within industrial environments. From a cybersecurity perspective, this vulnerability represents a significant risk to critical infrastructure, as it allows for unauthorized modification of charging station configurations and could potentially be used as a foothold for further attacks within the facility's network.
Mitigation strategies for CVE-2026-0778 should focus on immediate network-level protections combined with device-specific security hardening measures. Organizations should implement network segmentation to isolate charging station infrastructure from general network traffic, effectively blocking unauthorized access attempts from adjacent network segments. The telnet service on port 2000 should be disabled or configured with strong authentication mechanisms, as recommended by NIST SP 800-44 guidelines for securing industrial control systems. Additionally, implementing network monitoring and intrusion detection systems can help identify unauthorized telnet connection attempts and alert security teams to potential exploitation attempts. Regular firmware updates from Enel X should be prioritized to address the underlying authentication flaw, while also considering the implementation of secure remote access protocols such as SSH instead of telnet for any necessary administrative access. The vulnerability's exploitation risk underscores the importance of conducting comprehensive security assessments of industrial IoT deployments and implementing defense-in-depth strategies to protect critical infrastructure components from unauthenticated remote access attempts.