CVE-2026-0778HIGH 8.8EPSS p44.3%

CVE-2026-0778CVE-2026-0778

Description

Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 2000 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23285.

Scoring

CVSS 3.08.8 (HIGH)
VectorCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.61% probability of exploitation · percentile 44.3% · 2026-06-19T12:03:05Z
Published2026-01-23
Last modified2026-04-15

Underlying weaknesses· 1

CWE-306

References

  1. https://www.zerodayinitiative.com/advisories/ZDI-26-041/

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-27028
CVE
CVE-2026-20781
CVE
CVE-2026-25192
CVE
CVE-2025-3881
CVE
CVE-2025-3882
CVE
CVE-2025-28202
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.