CVE-2026-9039— Initialization of a resource with an insecure default in XCharge C6
Possible ATT&CK Techniques 3AI
T1190 · Exploit Public-Facing Application T1078 · Valid Accounts T1133 · External Remote ServicesGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9039
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Initialization of a resource with an insecure default in XCharge C6
Source: NVD (National Vulnerability Database)
Vulnerability Description
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的默认资源初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
XCharge C6 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
XCharge C6是德国XCharge公司的一系列智能电动汽车直流充电桩。 XCharge C6存在安全漏洞,该漏洞源于设备远程管理服务的配置缺陷,允许通过仅用于车辆充电器信号传输的通信通道建立经过身份验证的会话,该服务在充电连接器暴露的接口上可访问,并接受默认管理凭据,恶意设备物理连接到充电接口可能利用此错误配置获得完全管理访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9039
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9039
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-9039 (1)
Same Patch Batch · XCharge · 2026-05-28 · 3 CVEs total
| CVE-2026-9038 | Stack-based buffer overflow in XCharge C6 | |
| CVE-2026-9037 | Download of code without integrity check in XCharge C6 |
IV. Related Vulnerabilities
Same weakness: CWE-1188
- CVE-2026-35672
phpMyFAQ - Authentication Bypass via Empty API Token - CVE-2026-24197
NVIDIA Display Driver for Linux 安全漏洞 - CVE-2026-30805
Insecure Default Initialization in API Authentication leads - CVE-2026-6866
Initialization of a Resource with an Insecure Default vulner - CVE-2026-27662
Siemens SIMATIC HMI Comfort Panels 安全漏洞
V. Comments for CVE-2026-9039
No comments yet