Mohammad Ali Sayed

43 exploits Active since Jan 2026
CVE-2026-25192 WRITEUP CRITICAL WRITEUP
CTEK Chargeportal Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4
CVE-2026-27649 WRITEUP HIGH WRITEUP
CTEK Chargeportal Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
CVSS 7.3
CVE-2026-28204 WRITEUP MEDIUM WRITEUP
CTEK Chargeportal Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-31904 WRITEUP HIGH WRITEUP
CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-20748 WRITEUP HIGH WRITEUP
WebSocket Backend - Session Hijacking
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
CVSS 7.3
CVE-2026-20882 WRITEUP HIGH WRITEUP
WebSocket API - DoS
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-24696 WRITEUP HIGH WRITEUP
WebSocket API - DoS
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-26051 WRITEUP CRITICAL WRITEUP
OCPP WebSocket - Privilege Escalation
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4
CVE-2026-26288 WRITEUP CRITICAL WRITEUP
OCPP WebSocket - Privilege Escalation
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4
CVE-2026-27027 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-27764 WRITEUP HIGH WRITEUP
WebSocket Backend - Session Hijacking
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
CVSS 7.3
CVE-2026-27777 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-22552 WRITEUP CRITICAL WRITEUP
OCPP WebSocket - Privilege Escalation
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4
CVE-2026-24912 WRITEUP HIGH WRITEUP
WebSocket Backend - Session Hijacking
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
CVSS 7.3
CVE-2026-27770 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-27778 WRITEUP HIGH WRITEUP
WebSocket API - DoS
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-20733 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-20781 WRITEUP CRITICAL WRITEUP
OCPP WebSocket - Privilege Escalation
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4
CVE-2026-20791 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-20792 WRITEUP HIGH WRITEUP
WebSocket API - DoS
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-20895 WRITEUP HIGH WRITEUP
WebSocket Backend - Session Hijacking
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
CVSS 7.3
CVE-2026-22878 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-22890 WRITEUP MEDIUM WRITEUP
Charging Station - Info Disclosure
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVSS 6.5
CVE-2026-24445 WRITEUP HIGH WRITEUP
WebSocket API - DoS
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
CVSS 7.5
CVE-2026-24731 WRITEUP CRITICAL WRITEUP
OCPP WebSocket - Privilege Escalation
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
CVSS 9.4