Ctek Chargeportal
4 CVEs affecting Ctek Chargeportal. Latest disclosed: 2026-03-20. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25192 | Critical | 9.4 | 2026-03-20 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the bac… |
CVE-2026-31904 | High | 7.5 | 2026-03-20 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacke… |
CVE-2026-27649 | High | 7.3 | 2026-03-20 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifi… |
CVE-2026-28204 | Medium | 6.5 | 2026-03-20 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |