Browse all 4 CVE security advisories affecting CTEK. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CTEK develops battery charging systems and vehicle electronics, with its products often integrated into automotive and industrial applications. Historically, CTEK devices have been vulnerable to multiple remote code execution flaws, cross-site scripting vulnerabilities, and privilege escalation issues, primarily through exposed web interfaces and default credentials. The company's products typically feature basic security measures, with some models lacking proper authentication mechanisms. While no major public security incidents have been widely reported, the presence of four CVEs indicates potential exposure to exploitation, particularly in network-connected charging units where unpatched vulnerabilities could allow unauthorized access or device compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28204 | CTEK Chargeportal Insufficiently Protected Credentials — ChargeportalCWE-522 | 6.5 | Medium | 2026-03-20 |
| CVE-2026-27649 | CTEK Chargeportal Insufficient Session Expiration — ChargeportalCWE-613 | 7.3 | High | 2026-03-20 |
| CVE-2026-31904 | CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts — ChargeportalCWE-307 | 7.5 | High | 2026-03-20 |
| CVE-2026-25192 | CTEK Chargeportal Missing Authentication for Critical Function — ChargeportalCWE-306 | 9.4 | Critical | 2026-03-20 |
This page lists every published CVE security advisory associated with CTEK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.