CVE-2026-22543— WEEK ENCODING FOR PASSWORDS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22543
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WEEK ENCODING FOR PASSWORDS
Source: NVD (National Vulnerability Database)
Vulnerability Description
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
口令使用弱密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Efacec QC 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Efacec QC是葡萄牙Efacec公司的一系列电动汽车充电桩。 Efacec QC存在安全漏洞,该漏洞源于设备Web服务器访问凭据通过HTTP标头以Base64编码发送,Base64并非强加密算法,攻击者可拦截登录请求获取凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| EFACEC | QC 60/90/120 | 8 | - |
II. Public POCs for CVE-2026-22543
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-22543
请登录查看更多情报信息。
Same Patch Batch · EFACEC · 2026-01-07 · 9 CVEs total
| CVE-2026-22541 | DENIAL OF SERVICE VIA ICMP PACKETS | |
| CVE-2026-22542 | DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET | |
| CVE-2026-22544 | EXCHANGE OF CREDENTIALS IN CLEAR TEXT | |
| CVE-2026-22540 | DENIAL OF SERVICE VIA ARP PACKETS | |
| CVE-2026-22539 | INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP) | |
| CVE-2026-22537 | INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM | |
| CVE-2026-22536 | PRIVILEGE ESCALATION VIA SUDO COMMAND | |
| CVE-2026-22535 | FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS |
IV. Related Vulnerabilities
Same product: QC 60/90/120
- CVE-2026-22539
INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP) - CVE-2026-22537
INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM - CVE-2026-22536
PRIVILEGE ESCALATION VIA SUDO COMMAND - CVE-2026-22535
FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CR - CVE-2026-22544
EXCHANGE OF CREDENTIALS IN CLEAR TEXT
Same vendor: EFACEC
- CVE-2026-22539
INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP) - CVE-2026-22537
INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM - CVE-2026-22536
PRIVILEGE ESCALATION VIA SUDO COMMAND - CVE-2026-22535
FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CR - CVE-2026-22544
EXCHANGE OF CREDENTIALS IN CLEAR TEXT
Same weakness: CWE-261
- CVE-2025-11500
Credentials exposure in tinycontrol devices - CVE-2026-0809
Weak KSeF token encoding in Streamsoft Prestiż - CVE-2024-52334
Siemens syngo.plaza 安全漏洞 - CVE-2025-67652
AutomationDirect CLICK Programmable Logic Controller Weak En - CVE-2025-25298
Missing Maximum Password Length Validation in Strapi Passwor
V. Comments for CVE-2026-22543
No comments yet