Submit #813572: Besen EV Charging Station BS20 EV Charger Insufficiently Protected Credentialsinfo

TitleBesen EV Charging Station BS20 EV Charger Insufficiently Protected Credentials
DescriptionFinding 2: Cleartext Credential Exposure via BLE and UDP in Besen Home EV Charging Station The Besen Home EV Charging Station exposes user credentials in plaintext over UDP and also BLE. Operations such as password change reveals both old and new passwords in plaintext. The plaintext password is also observed to be frequently broadcasted via UDP, making them observable to any attacker on the same local network. Successful exploitation may lead to unauthorized access and control of the device.
Source⚠️ https://github.com/carfeii/besen/
User
 carfeii (UID 97470)
Submission04/26/2026 18:05 (3 months ago)
Moderation05/24/2026 08:19 (28 days later)
StatusAccepted
VulDB entry365376 [Besen BS20 EV Charging Station up to 20260426 BLE/UDP insufficiently protected credentials]
Points20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!