296 matches found
Mobility46 mobility46.se
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
EV Energy ev.energy
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Chargemap chargemap.com
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
PT-2026-22219
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communications affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station...
PT-2026-22218
Name of the Vulnerable Software and Affected Versions Versions prior to the fixed version affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier...
CVE-2026-20401
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
CVE-2026-20402
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
EUVD-2026-5150
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 2000 by...
Major Data Breach Hits Company Operating 150 Gas Stations in the US
Texas based Gulshan Management Services, operator of Handi Plus and Handi Stop gas stations, reports a data breach impacting over 377,000 people...
When the Base Station Flies: Rethinking Security for UAV-Based 6G Networks
The integration of non-terrestrial networks NTNs into 6G systems is crucial for achieving seamless global coverage, particularly in underserved and disaster-prone regions. Among NTN platforms, unmanned aerial vehicles UAVs are especially promising due to their rapid deployability. However, this...
CVE-2018-25130
Beward Intercom 2.3.1 contains a local credential-disclosure vulnerability: usernames and passwords stored in plaintext in BEWARD.INTERCOM.FDB can be read by a local attacker, enabling unauthorized access to IP cameras and door stations. Root cause: credentials stored in an unencrypted database f...
CVE-2018-25130 Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized acces...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung mobile in Samsung mobile. The vulnerabilities are primarily related to improper input validation, which can result in system crashes and remote denial of service attacks via malicious base stations...
CVE-2025-20792
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
CVE-2025-20750
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
PT-2025-48612
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A missing bounds check in Modem could lead to a system crash and remote denial of service. This can occur if a User Equipment UE connects to a rogue base station controlled by an attacker. No...
Cybersecurity of High-Altitude Platform Stations: Threat Taxonomy, Attacks and Defenses with Standards Mapping - DDoS Attack Use Case
High-Altitude Platform Stations HAPS are emerging stratospheric nodes within non-terrestrial networks. We provide a structured overview of HAPS subsystems and principal communication links, map cybersecurity and privacy exposure across communication, control, and power subsystems, and propose a...
CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...