Evbee Dc-80
8 CVEs affecting Evbee Dc-80. Latest disclosed: 2026-07-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-22103 | | 2026-07-13 | The NPC start endpoint on the web server at port 8090 is vulnerable to command injection. | |
CVE-2026-22102 | | 2026-07-13 | A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Conte… | |
CVE-2026-22100 | | 2026-07-13 | The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root. | |
CVE-2026-22099 | | 2026-07-13 | The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakag… | |
CVE-2026-22098 | | 2026-07-13 | Various sensitive information such as passwords and charging card UIDs are written to log files. | |
CVE-2026-22097 | | 2026-07-13 | The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload a… | |
CVE-2026-22096 | | 2026-07-13 | The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading fi… | |
CVE-2026-22095 | | 2026-07-13 | The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection. |