Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5824— Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability

EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-5824

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of bluetooth pairing requests. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26353.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial是美国Autel公司的一款智慧型AI电动车充电器。 Autel MaxiCharger AC Wallbox Commercial存在访问控制错误漏洞,该漏洞源于命令来源验证不足,可能导致认证绕过。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutelAutel MaxiCharger AC Wallbox Commercial 1.36.00 -

II. Public POCs for CVE-2025-5824

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-5824

登录查看更多情报信息。

Same Patch Batch · Autel · 2025-06-25 · 10 CVEs total

CVE-2025-6678Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure
CVE-2025-5825Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerabi
CVE-2025-5830Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remot
CVE-2025-5828Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vuln
CVE-2025-5822Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege E
CVE-2025-5827Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow
CVE-2025-5826Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input V
CVE-2025-5823Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information
CVE-2025-5829Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code

IV. Related Vulnerabilities

Same product: Autel MaxiCharger AC Wallbox Commercial
Same vendor: Autel
Same weakness: CWE-346

V. Comments for CVE-2025-5824

No comments yet

Leave a comment