{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ev2go/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["ev2go","charging-station","vulnerability","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in EV2GO ev2go.io charging stations. These vulnerabilities, identified as CVE-2026-24731, CVE-2026-25945, CVE-2026-20895, and CVE-2026-22890, relate to missing authentication for critical functions, improper restriction of excessive authentication attempts, insufficient session expiration, and insufficiently protected credentials. Successful exploitation of these flaws could enable attackers to impersonate charging stations, hijack legitimate user sessions, suppress or misroute traffic, potentially leading to a large-scale denial-of-service (DoS) attack. These vulnerabilities affect all versions of ev2go.io and impact critical infrastructure sectors such as energy and transportation systems globally. The lack of vendor response to reported vulnerabilities further exacerbates the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a valid charging station identifier using publicly accessible mapping platforms, exploiting CVE-2026-22890.\u003c/li\u003e\n\u003cli\u003eAttacker connects to the OCPP WebSocket endpoint of a charging station without proper authentication, leveraging CVE-2026-24731.\u003c/li\u003e\n\u003cli\u003eAttacker issues unauthorized OCPP commands to the backend as a legitimate charger, due to the missing authentication mechanisms (CVE-2026-24731).\u003c/li\u003e\n\u003cli\u003eAttacker attempts multiple authentication requests without any rate limiting, potentially leading to a denial-of-service (DoS) by overwhelming the backend (CVE-2026-25945).\u003c/li\u003e\n\u003cli\u003eAttacker hijacks or shadows existing sessions due to predictable session identifiers and the ability for multiple endpoints to connect using the same identifier (CVE-2026-20895).\u003c/li\u003e\n\u003cli\u003eLegitimate charging station is displaced, and the attacker receives backend commands intended for the original station (CVE-2026-20895).\u003c/li\u003e\n\u003cli\u003eAttacker manipulates charging station operations or charging network data reported to the backend.\u003c/li\u003e\n\u003cli\u003eFinal objective: Cause disruption of charging services for users, corrupt charging network data, or potentially gain control of the charging infrastructure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could have significant consequences. An attacker can disrupt charging services, leading to stranded electric vehicles and customer dissatisfaction. Data manipulation could result in incorrect billing or inaccurate reporting. A large-scale denial-of-service attack could impact entire charging networks, affecting energy distribution and transportation systems. Given the widespread deployment of EV2GO charging stations worldwide, a successful attack could affect a large number of users and critical infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for connections to \u003ccode\u003eev2go.io\u003c/code\u003e that do not originate from known, authorized charging stations.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on authentication attempts to the OCPP WebSocket API to mitigate CVE-2026-25945.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Unauthorized OCPP Connection\u0026rdquo; to identify potential station impersonation attempts based on CVE-2026-24731.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected OCPP commands being issued from charging stations that are not aligned with normal operation to detect malicious manipulation of charging infrastructure, as described in CVE-2026-24731.\u003c/li\u003e\n\u003cli\u003eContact EV2GO at \u003ca href=\"https://ev2go.io/\"\u003ehttps://ev2go.io/\u003c/a\u003e for information on patching or mitigating these vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-02-27T10:00:00Z","date_published":"2026-02-27T10:00:00Z","id":"/briefs/2026-02-ev2go-vulns/","summary":"Multiple vulnerabilities in EV2GO charging stations, including missing authentication and session management flaws, could allow attackers to impersonate stations, hijack sessions, and cause denial-of-service conditions.","title":"EV2GO Charging Station Vulnerabilities Allow Impersonation and Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-02-ev2go-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Ev2go","version":"https://jsonfeed.org/version/1.1"}