CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

CVE-2026-9038 Stack-based buffer overflow in XCharge C6

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

CVE-2026-9038 Stack-based buffer overflow in XCharge C6

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

CVE-2026-9037 Download of code without integrity check in XCharge C6

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

CVE-2026-9037

The CVE-2026-9037 issue affects the XCharge C6 charging controller’s firmware update mechanism. The firmware update process does not validate the authenticity of firmware packages delivered via the device management interface, because cryptographic signatures are not verified. An attacker with ac...

XCharge C6

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. There is a security vulnerability in the XCharge C6, which stems from a configuration flaw in the device’s remote management service. This flaw allows for the establishment of...

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. The XCharge C6 has a security vulnerability, which stems from a stack-based buffer overflow in the signal processing logic. Attackers can exploit this vulnerability by physically...

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. The XCharge C6 has a security vulnerability. This vulnerability stems from the firmware update mechanism’s failure to verify the authenticity of the firmware packages transmitted...