Submit #813575: Besen EV Charging Station BS20 EV Charger Improper Verification of Cryptographic Signatureinfo

TitleBesen EV Charging Station BS20 EV Charger Improper Verification of Cryptographic Signature
DescriptionFinding 3: Firmware Version Check Manipulation and UI Spoofing The mobile app does not validate firmware version responses during update checks. There is no signature checks, though the mobile app reflects that check to be being done. An attacker can intercept and modify this response to display an arbitrary “newer” version, enabling the upgrade button even when the device is up to date. This allows UI spoofing and misleading update prompts.
Source⚠️ https://github.com/carfeii/besen
User
 carfeii (UID 97470)
Submission04/26/2026 18:12 (3 months ago)
Moderation05/24/2026 08:19 (28 days later)
StatusAccepted
VulDB entry365377 [Besen BS20 EV Charging Station up to 20260426 Firmware Version Check ui layer]
Points19

Do you need the next level of professionalism?

Upgrade your account now!