HIGH🇵🇱 Wersja polska

CVE-2025-5825

CVSS 7.5v3.0pub. 2025-06-25upd. 2025-09-10

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a firmware image before using it to perform an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26354.

CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Autel Maxicharger Ac Elite Business C50

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Elite Business C50 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Pro

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Pro Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Ultra

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Ultra Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Compact Mobile

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Mobile Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Compact Pedestal

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Pedestal Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Fast

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Fast Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Hipower

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Hipower Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dh480

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dh480 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Single Charger

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Single Charger Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-5827HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Executio...

CVE-2025-5830HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vul...

CVE-2025-5822HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerabil...

CVE-2025-5824HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vuln...

CVE-2025-6678HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This ...