Auth bypass in Evbee Dc-80
CVE-2026-22099
The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL.
Vulnerability class: Broken Authentication
Affected products
- Evbee Dc-80 — versions 0
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)