Vulnerability Information
Vulnerability Title
EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
Incorrect Authorization
Vulnerability Title
EVerest Security Vulnerability
Vulnerability Description
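EVerest is firmware for electric vehicle charging stations, open-sourced by EVerest. Versions of EVerest prior to 2026.02.0 contain a security vulnerability: when WithdrawAuthorization is processed before the TransactionStarted event, authorization withdrawal may be bypassed due to a timing issue, causing charging to continue.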
CVSS Information
N/A
Vulnerability Type
N/A