Summary
CISA reports four vulnerabilities in the Chargeportal platform by CTEK, including a critical authentication bypass (CVE-2026-25192), that allow attackers to impersonate charging stations and gain unauthorized control. The product is scheduled for sunset in April 2026, leaving network isolation as the primary defense for current users.
Take Action:
Since CTEK is sunsetting Chargeportal without a patch, make sure you isolate the systems as much as possible from public access and the public internet. Then planning a migration to a supported charging management platform.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)