| tiêu đề | Besen EV Charging Station BS20 EV Charger Weak Authentication |
|---|
| Mô tả | Finding 1: Weak Authentication Mechanism in Besen Home EV Charging Station via BLE
A weak authentication vulnerability exists in the Besen Home EV Charging Station. The device ships with a shared default (common) password and enforces a fixed 6-digit numeric password format, limiting the keyspace to 1,000,000 possible combinations. This significantly reduces resistance to brute-force attacks. Additionally, the Bluetooth Low Energy (BLE) authentication handshake can be captured and subjected to offline brute-force cracking, enabling attackers to recover credentials without further interaction with the device.
Successful exploitation may allow unauthorized access and control of the charging station.
|
|---|
| Nguồn | ⚠️ https://github.com/carfeii/besen |
|---|
| Người dùng | carfeii (UID 97470) |
|---|
| Đệ trình | 26/04/2026 18:04 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 24/05/2026 08:19 (28 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 365375 [Besen BS20 EV Charging Station đến 20260426 Bluetooth Low Energy xác thực yếu] |
|---|
| điểm | 19 |
|---|