{"id":78981,"date":"2026-05-28T23:46:27","date_gmt":"2026-05-28T20:16:27","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-9037-download-of-code-without-integrity-check-in-xcharge-c6\/"},"modified":"2026-05-28T23:46:27","modified_gmt":"2026-05-28T20:16:27","slug":"cve-2026-9037-download-of-code-without-integrity-check-in-xcharge-c6","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-9037-download-of-code-without-integrity-check-in-xcharge-c6\/","title":{"rendered":"CVE-2026-9037 &#8211; Download of code without integrity check in XCharge C6"},"content":{"rendered":"<p>CVE ID :CVE-2026-9037<\/p>\n<p>  Published : May 28, 2026, 8:16 p.m. | 15\u00a0minutes ago<\/p>\n<p>  Description :A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device&#8217;s management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device.<\/p>\n<p>  Severity: 9.3 | CRITICAL<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-9037 Published : May 28, 2026, 8:16 p.m. | 15\u00a0minutes ago Description :A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device&#8217;s management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78981","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78981"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78981\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}