Submit #813576: Besen EV Charging Station BS20 EV Charger Embedded Malicious Codeinfo

TitleBesen EV Charging Station BS20 EV Charger Embedded Malicious Code
DescriptionFinding 4: Unauthorized Firmware Installation via Spoofed OTA Updates The device lacks robust validation of OTA firmware updates. Although some built-in safeguards and validation checks exist, they can be bypassed. An attacker can spoof the update server and deliver malicious firmware, which the device may accept as legitimate. This could enable full device compromise and manipulation of charging behavior.
Source⚠️ https://github.com/carfeii/besen
User
 carfeii (UID 97470)
Submission04/26/2026 18:13 (3 months ago)
Moderation05/24/2026 08:19 (28 days later)
StatusAccepted
VulDB entry365378 [Besen BS20 EV Charging Station up to 20260426 OTA Update Installation improper authorization]
Points18

Want to stay up to date on a daily basis?

Enable the mail alert feature now!