8.7
CVE-2026-3273 - Tenda F453 httpd AdvSetWrlsafeset formWrlsafeset buffer overflow
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploi…
6.9
CVE-2026-22878 - Mobility46 mobility46.se Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
6.9
CVE-2026-27647 - Mobility46 mobility46.se Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent con…
8.7
CVE-2026-26305 - Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gai…
9.3
CVE-2026-27028 - Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, th…
6.5
CVE-2021-4456 - Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may hav…
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker…
6.9
CVE-2026-25774 - EV Energy ev.energy Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
6.9
CVE-2026-26290 - EV Energy ev.energy Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent con…
8.7
CVE-2026-24445 - EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gai…
9.3
CVE-2026-27772 - EV Energy ev.energy Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, th…