6.3

CVE-2025-5826

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutelMaxicharger Ac Pro Firmware Version < 1.39.51
   AutelMaxicharger Ac Pro Version-
AutelMaxicharger Ac Pro Firmware Version < 1.56.51
   AutelMaxicharger Ac Pro Version-
AutelMaxicharger Ac Ultra Firmware Version < 1.39.51
   AutelMaxicharger Ac Ultra Version-
AutelMaxicharger Ac Ultra Firmware Version < 1.56.51
   AutelMaxicharger Ac Ultra Version-
AutelMaxicharger Dc Fast Firmware Version < 1.39.51
   AutelMaxicharger Dc Fast Version-
AutelMaxicharger Dc Fast Firmware Version < 1.56.51
   AutelMaxicharger Dc Fast Version-
AutelMaxicharger Dc Hipower Firmware Version < 1.39.51
   AutelMaxicharger Dc Hipower Version-
AutelMaxicharger Dc Hipower Firmware Version < 1.56.51
   AutelMaxicharger Dc Hipower Version-
AutelMaxicharger Dh480 Firmware Version < 1.39.51
   AutelMaxicharger Dh480 Version-
AutelMaxicharger Dh480 Firmware Version < 1.56.51
   AutelMaxicharger Dh480 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.059
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
zdi-disclosures@trendmicro.com 6.3 2.8 3.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-115 Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.