PatchSiren cyber security CVE debrief
CVE-2026-9398 Besen CVE debrief
A low-severity authentication bypass vulnerability affects Besen BS20 EV Charging Station firmware versions up to and including 20260426. The flaw lies in an unspecified component of the BLE/WiFi subsystem and allows authentication to be bypassed by capture-replay: an attacker records a valid authentication exchange and resubmits it. Exploitation requires adjacent-network access (radio range of the BLE or WiFi interface), is rated high in attack complexity, and is characterized as difficult to exploit. The vulnerability was disclosed to Besen in April 2026; the vendor acknowledged the report and had a review in progress as of that date. No exploitation in the wild or use in ransomware campaigns is recorded in the stored evidence.
- Vendor
- Besen
- Product
- BS20 EV Charging Station
- CVSS
- LOW 1.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-24
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-24
- Advisory updated
- 2026-05-26
Who should care
Owners and operators of Besen BS20 EV charging infrastructure, facilities management securing electric vehicle supply equipment (EVSE), IoT/OT security teams, and critical infrastructure defenders managing charging station networks
Technical summary
The Besen BS20 EV Charging Station authenticates clients over its BLE/WiFi component in a way that is vulnerable to capture-replay (CWE-294). An attacker within radio range of the charger (CVSS 4.0 attack vector Adjacent) who captures a valid authentication exchange can resubmit it to gain unauthorized access to charging station functions. The scored impact is limited to low integrity loss on the charger itself, with no confidentiality or availability impact. No privileges or user interaction are required, but attack complexity is rated high and exploitability as difficult. The vulnerability affects firmware versions through 20260426. Besen acknowledged the report and was reviewing remediation as of April 2026.
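The capture-replay pattern described above, modeled as an added example. This is illustrative code written for this debrief, not Besen firmware and not the BS20's actual BLE/WiFi protocol, which the advisory does not describe. It contrasts a static-token design, where one recorded authenticator is accepted again in a later session, with a challenge-response design using single-use nonces, where the recorded authenticator is rejected. The shared key, the message labels, and the class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed per-device key: an assumption for the model, not a real Besen secret.
SHARED_KEY = b"example-per-device-key-not-real"


class StaticTokenCharger:
    """Vulnerable pattern (CWE-294): the same authenticator is valid in every session,
    so one captured message is enough to authenticate later."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def begin_session(self) -> bytes:
        return b""  # no per-session challenge is issued

    def authenticate(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, b"unlock" + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class ChallengeResponseCharger:
    """Replay-resistant pattern: a fresh random nonce per session, consumed on first use,
    with the authenticator bound to that nonce by an HMAC."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._outstanding: set[bytes] = set()

    def begin_session(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def authenticate(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown, expired, or already-used nonce
        self._outstanding.discard(challenge)  # single use: consume before verifying
        expected = hmac.new(self._key, b"unlock" + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def legitimate_client(key: bytes, challenge: bytes) -> bytes:
    """The paired app or fob: answers whatever challenge the charger sent."""
    return hmac.new(key, b"unlock" + challenge, hashlib.sha256).digest()


def replay_attack(charger) -> dict:
    """Passive capture of one legitimate session, then replay from a new session."""
    # Session 1: the legitimate user authenticates; an attacker in radio range records it.
    c1 = charger.begin_session()
    r1 = legitimate_client(SHARED_KEY, c1)
    legit_ok = charger.authenticate(c1, r1)

    # Session 2: the attacker holds no key, only the captured response r1.
    c2 = charger.begin_session()
    replay_ok = charger.authenticate(c2, r1)  # replay against the new session
    stale_ok = charger.authenticate(c1, r1)   # replay the old challenge/response pair
    return {"legit": legit_ok, "replay": replay_ok or stale_ok}


if __name__ == "__main__":
    print("static token   :", replay_attack(StaticTokenCharger(SHARED_KEY)))
    print("challenge/resp :", replay_attack(ChallengeResponseCharger(SHARED_KEY)))
```

The hardened variant consumes the nonce before checking the response, so even a correct-looking replay of the original pair is refused; in a real device the outstanding-nonce set would also need an expiry so an attacker cannot fill it by opening sessions and never answering.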
Defensive priority
LOW
Recommended defensive actions
- Segment EV charging station networks from other operational and corporate networks, and limit who can reach the chargers' BLE/WiFi interfaces (for example, a dedicated SSID/VLAN for charger WiFi, and BLE pairing enabled only while it is needed, if the device exposes such a setting)
- Monitor charger and management-interface authentication logs for replay indicators: the same authentication token or nonce accepted more than once, bursts of authentication attempts from a single client, or sessions from clients not in the authorized inventory
- Track Besen for a security advisory and firmware update; before deploying it, confirm the fix is replay-resistant by capturing a valid authentication exchange against a patched test unit and checking that replaying it is rejected
- Review wireless authentication on other IoT/OT devices for the same weakness and prefer replay-resistant designs (fresh per-session challenges, single-use nonces, or timestamps bound to the authenticator) where feasible
- Inventory charging station deployments and identify units running firmware version 20260426 or earlier, which are affected
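Detection logic for the monitoring recommendation above, as an added example written for this debrief rather than taken from any Besen product. The BS20's real log format is not described here, so the sample lines are constructed in a hypothetical syslog-style format that a charger or its management gateway might emit; the field names, client identifiers and thresholds are assumptions. Two signals are computed: an authentication nonce accepted more than once (what a successful replay looks like from the device side) and a burst of attempts from one source.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical line format: <ts> auth src=<client id> nonce=<hex> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) nonce=(?P<nonce>[0-9a-f]+) result=(?P<result>ok|fail)$"
)

# Constructed sample log: a legitimate app session, then an unknown client replaying
# the two nonces it captured and probing with further guesses.
SAMPLE_LOG = """\
2026-05-25T08:00:01Z auth src=app-7f2a nonce=1a2b3c4d result=ok
2026-05-25T08:00:05Z auth src=app-7f2a nonce=5e6f7a8b result=ok
2026-05-25T08:03:10Z auth src=unknown-b1 nonce=1a2b3c4d result=ok
2026-05-25T08:03:11Z auth src=unknown-b1 nonce=5e6f7a8b result=ok
2026-05-25T08:03:12Z auth src=unknown-b1 nonce=9c9c9c9c result=fail
2026-05-25T08:03:13Z auth src=unknown-b1 nonce=deadbeef result=fail
2026-05-25T08:03:14Z auth src=unknown-b1 nonce=cafebabe result=fail
2026-05-25T09:30:00Z auth src=app-7f2a nonce=0badf00d result=ok
"""


def parse(log_text: str) -> list:
    """Parse matching lines into dicts; lines in other formats are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "src": m["src"], "nonce": m["nonce"], "result": m["result"]})
    return events


def replayed_nonces(events: list) -> list:
    """Nonces accepted (result=ok) more than once. With single-use challenges this
    should never happen, so any hit is a strong replay indicator."""
    accepted = Counter(e["nonce"] for e in events if e["result"] == "ok")
    return sorted(n for n, c in accepted.items() if c > 1)


def burst_sources(events: list, threshold: int = 3, window: timedelta = timedelta(seconds=60)) -> list:
    """Sources with more than `threshold` attempts (any result) inside one sliding window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e["ts"])
    flagged = []
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.append(src)
                break
    return sorted(flagged)


def report(log_text: str) -> dict:
    events = parse(log_text)
    return {"replayed_nonces": replayed_nonces(events), "burst_sources": burst_sources(events)}


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The nonce check is the one that maps directly to CWE-294; the burst check is a weaker signal on its own but pairs well with an allow-list of known client identifiers, which the replay client here is not on.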
Evidence notes
CVE published 2026-05-24; modified 2026-05-26. Disclosure indicates vendor acknowledgment received April 2026 with review in progress. CVSS 4.0 vector as stored: AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N (the subsequent-system metrics SC/SI/SA are not present in the stored vector string). CWE-287 (Improper Authentication) and CWE-294 (Authentication Bypass by Capture-Replay) assigned.
Official resources
2026-05-24