Vulnerability Information
Vulnerability Title
EVerest has RemoteStop Bypass via BCB Toggle Session Restart
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after the CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing the session to restart. This breaks the irreversibility of remote stop and can bypass operational/billing/safety controls. Version 2026.02.0 contains a patch.
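The state-machine flaw described above, as an added example that is not EVerest's code and does not reproduce the actual patch: a simplified session model in which a remote stop is either treated like a pause (the BCB toggle re-enters `PrepareCharging`) or latched as terminal until unplug. All state names other than `PrepareCharging`, all event names, and the `latch_remote_stop` flag are assumptions made for illustration.

```cpp
// Hypothetical, simplified EVSE session model; names are assumptions,
// not EVerest's own states, events or code.
#include <cstdio>
#include <vector>

enum class State { Idle, WaitingForAuth, PrepareCharging, Charging, Paused, Stopped };
enum class Event { PlugIn, Authorize, PowerReady, EvPause, BcbToggle, RemoteStop, Unplug };

struct Session {
    bool latch_remote_stop;   // false reproduces the behaviour in the advisory
    State state = State::Idle;
    explicit Session(bool latch) : latch_remote_stop(latch) {}

    State on(Event e) {
        if (e == Event::Unplug) return state = State::Idle;   // ends any session
        if (e == Event::RemoteStop)                            // CSMS stop applies in every active state
            return state = (state == State::Idle ? State::Idle : State::Stopped);
        switch (state) {
        case State::Idle:            if (e == Event::PlugIn) state = State::WaitingForAuth; break;
        case State::WaitingForAuth:  if (e == Event::Authorize) state = State::PrepareCharging; break;
        case State::PrepareCharging: if (e == Event::PowerReady) state = State::Charging; break;
        case State::Charging:        if (e == Event::EvPause) state = State::Paused; break;
        case State::Paused:          // legitimate EV-initiated resume
            if (e == Event::BcbToggle) state = State::PrepareCharging;
            break;
        case State::Stopped:
            // Without the latch, the EV wake-up is handled as if the session were
            // only paused. With it, Stopped is terminal until Unplug.
            if (e == Event::BcbToggle && !latch_remote_stop) state = State::PrepareCharging;
            break;
        }
        return state;
    }
};

// Replays a sequence of events and returns the final state.
State run(bool latch_remote_stop, const std::vector<Event>& events) {
    Session s(latch_remote_stop);
    for (Event e : events) s.on(e);
    return s.state;
}

int main() {
    // Constructed sequence: normal start, CSMS remote stop, then EV BCB toggle.
    const std::vector<Event> seq = {Event::PlugIn, Event::Authorize, Event::PowerReady,
                                    Event::RemoteStop, Event::BcbToggle};
    std::printf("no latch: restarted=%d\n", run(false, seq) == State::PrepareCharging);
    std::printf("latched:  restarted=%d\n", run(true, seq) == State::PrepareCharging);
}
```

The same sequence makes a useful regression test against a real charger state machine: after a remote stop, no EV-side signal should move the session out of its stopped state.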
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
Incorrect Authorization
Vulnerability Title
EVerest Security Vulnerability
Vulnerability Description
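EVerest is open-source firmware for electric vehicle charging stations from EVerest. Versions of EVerest prior to 2026.02.0 contain a security vulnerability: after the CSMS performs a RemoteStop, the EVSE may return to the PrepareCharging state via the EV's BCB toggle, thereby bypassing the irreversibility of the remote stop and the operational, billing and safety controls.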
CVSS Information
N/A
Vulnerability Type
N/A