Home
HIGH: 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version before 1.5.4
affected
Description
The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL.
Problem types
CWE-287 Improper Authentication
Product status
Any version before 1.5.4
Credits
Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
References
csirt.divd.nl/DIVD-2026-00001/