CVE-2026-22540 PUBLISHED

DENIAL OF SERVICE VIA ARP PACKETS

Assigner: S21sec
Reserved: 07.01.2026 Published: 07.01.2026 Updated: 07.01.2026

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CVSS Score: 9.2

Product Status

Vendor EFACEC
Product QC60/90/120
Versions Default: unaffected
  • Version 8 is affected

Credits

  • Aarón Flecha Menéndez finder
  • Iván Alonso Álvarez finder
  • Víctor Bello Cuevas finder

References

Problem Types

  • CWE-400 Uncontrolled Resource Consumption CWE

Impacts

  • CAPEC-125 Flooding