CVE-2026-0778
📋 TL;DR
This vulnerability allows network-adjacent attackers to execute arbitrary code on Enel X JuiceBox 40 electric vehicle charging stations without authentication. The telnet service on port 2000 lacks authentication, enabling remote code execution as the service account. Organizations using these charging stations in corporate or public settings are affected.
💻 Affected Systems
- Enel X JuiceBox 40
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging station allowing attackers to disrupt charging operations, manipulate billing data, pivot to internal networks, or cause physical damage through electrical manipulation.
Likely Case
Attackers gain unauthorized access to charging stations, potentially disrupting service, stealing user data, or using the device as a foothold into the network.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthorized network access to the charging stations.
🎯 Exploit Status
The vulnerability requires network adjacency but no authentication, making exploitation straightforward for attackers on the same network.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-041/
Restart Required: No
Instructions:
1. Check vendor website for firmware updates
2. Apply any available security patches
3. Verify telnet service is disabled or secured
🔧 Temporary Workarounds
Disable Telnet Service
linuxCompletely disable the telnet service on port 2000
systemctl stop telnet
systemctl disable telnet
Network Segmentation
allIsolate charging stations on separate VLAN with strict firewall rules
🧯 If You Can't Patch
- Implement strict network access controls to limit access to port 2000/TCP
- Deploy network monitoring and intrusion detection for telnet traffic on port 2000
🔍 How to Verify
Check if Vulnerable:
Use telnet or nmap to test connectivity to port 2000: 'telnet [IP] 2000' or 'nmap -p 2000 [IP]'Check Version:
Check device web interface or contact vendor for firmware versionVerify Fix Applied:
Verify telnet service is not responding on port 2000 and/or requires authentication📡 Detection & Monitoring
Log Indicators:
- Unauthorized telnet connection attempts
- Unexpected process execution on charging station
Network Indicators:
- Telnet traffic to port 2000 from unauthorized sources
- Unusual outbound connections from charging station
SIEM Query:
source_port=2000 OR destination_port=2000 AND protocol=telnet