Scaner-VS
CVE-2025-5829
CVE
Medium
CVSS: 6.8 (Medium)
EPSS: 0.00 (p21)
Published: 2025-01-01
Updated: 2025-01-01
Description

Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26330.

Tags · CWE
CWE-121
Affected products
Maxicharger_ac_elite_business_c50_firmware
Maxicharger_ac_pro_firmware
Maxicharger_ac_ultra_firmware
Maxicharger_dc_compact_mobile_firmware
Maxicharger_dc_compact_pedestal_firmware
Maxicharger_dc_fast_firmware
Maxicharger_dc_hipower_firmware
Maxicharger_dh480_firmware
Maxicharger_single_charger_firmware
CVSS vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2025-01-01: Published
2025-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Physical (P)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.003 (p21)
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product                                      Vendor  Status
maxicharger_ac_elite_business_c50_firmware   *       Tracked
maxicharger_ac_pro_firmware                  *       Tracked
maxicharger_ac_ultra_firmware                *       Tracked
maxicharger_dc_compact_mobile_firmware       *       Tracked
maxicharger_dc_compact_pedestal_firmware     *       Tracked
maxicharger_dc_fast_firmware                 *       Tracked
maxicharger_dc_hipower_firmware              *       Tracked
maxicharger_dh480_firmware                   *       Tracked
maxicharger_single_charger_firmware          *       Tracked
Source databases
CVE