CVE-2026-22095
EVbee · DC-80
The network diagnosis endpoint on EVbee DC-80 chargers (port 8090) is vulnerable to command injection, enabling unauthenticated remote code execution.
Executive summary
A critical command injection vulnerability in the EVbee DC-80 charger allows unauthenticated remote attackers to execute arbitrary system commands.
Vulnerability
The device exposes a network diagnosis endpoint on port 8090 that fails to sanitize user-supplied input, leading to a command injection vulnerability. This allows an unauthenticated attacker to inject and execute arbitrary system-level commands on the charging station.
Business impact
The CVSS score of 9.3 reflects the high severity of this flaw, as it allows for full control of the affected charging hardware. An attacker could potentially disrupt charging services, manipulate hardware operation, or use the compromised device as a pivot point to attack other internal network infrastructure.
Remediation
Immediate Action: Update the EVbee DC-80 firmware to version 1.5.1 or later to sanitize input on the network diagnosis endpoint.
Proactive Monitoring: Monitor network traffic directed at port 8090 for unusual diagnostic requests or common command injection patterns (e.g., shell operators like ';', '|', or '&&').
Compensating Controls: If an update cannot be applied immediately, isolate the device from public internet access using a firewall, specifically blocking or restricting access to port 8090.
Exploitation status
Public Exploit Available: No (No confirmed weaponized exploit or public PoC identified).
Analyst recommendation
This vulnerability represents a significant risk to the integrity of EVbee charging infrastructure. Administrators should prioritize firmware updates to version 1.5.1. Until such updates are applied, it is strongly recommended to restrict network access to the device to prevent unauthorized access to the vulnerable port 8090.