HIGH🇵🇱 Wersja polska

CVE-2025-5827

CVSS 8.8v3.0pub. 2025-06-25upd. 2025-09-10

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26369.

CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Autel Maxicharger Ac Elite Business C50

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Elite Business C50 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Pro

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Pro Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Ultra

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Ultra Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Compact Mobile

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Mobile Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Compact Pedestal

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Pedestal Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Fast

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Fast Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Hipower

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Hipower Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dh480

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dh480 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Single Charger

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Single Charger Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-5825HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerabi...

CVE-2025-5830HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vul...

CVE-2025-5822HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerabil...

CVE-2025-5824HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vuln...

CVE-2025-6678HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This ...