Submit #813569: Besen EV Charging Station BS20 EV Charger Weak Authenticationinfo

TitleBesen EV Charging Station BS20 EV Charger Weak Authentication
DescriptionFinding 1: Weak Authentication Mechanism in Besen Home EV Charging Station via BLE A weak authentication vulnerability exists in the Besen Home EV Charging Station. The device ships with a shared default (common) password and enforces a fixed 6-digit numeric password format, limiting the keyspace to 1,000,000 possible combinations. This significantly reduces resistance to brute-force attacks. Additionally, the Bluetooth Low Energy (BLE) authentication handshake can be captured and subjected to offline brute-force cracking, enabling attackers to recover credentials without further interaction with the device. Successful exploitation may allow unauthorized access and control of the charging station.
Source⚠️ https://github.com/carfeii/besen
User
 carfeii (UID 97470)
Submission04/26/2026 18:04 (3 months ago)
Moderation05/24/2026 08:19 (28 days later)
StatusAccepted
VulDB entry365375 [Besen BS20 EV Charging Station up to 20260426 Bluetooth Low Energy weak password]
Points19

Might our Artificial Intelligence support you?

Check our Alexa App!