CVE-2026-9037

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device.

494

Download of Code Without Integrity Check

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality Other

Potential Impacts:

Execute Unauthorized Code Or Commands Alter Execution Logic Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148…

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08

CVE-2026-9037

Description

Download of Code Without Integrity Check

Common Consequences

Applicable Platforms

Iscriviti alla newsletter