Auth bypass in Evbee Dc-80

CVE-2026-22099

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL.

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References