CVE-2026-21635 | THREATINT

Description

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

PUBLISHED Reserved 2026-01-01 | Published 2026-01-05 | Updated 2026-01-07 | Assigner hackerone

MEDIUM: 5.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

Default status

unaffected

Any version before 1.6.1

affected

References

community.ui.com/...059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6

cve.org (CVE-2026-21635)

nvd.nist.gov (CVE-2026-21635)

Download JSON