Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5826— Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability

EPSS 0.07% · P22
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-5826

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入的错误解释
Source: NVD (National Vulnerability Database)
Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial是美国Autel公司的一款智慧型AI电动车充电器。 Autel MaxiCharger AC Wallbox Commercial存在安全漏洞,该漏洞源于ble_process_esp32_msg函数输入误解,可能导致执行AT命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutelAutel MaxiCharger AC Wallbox Commercial 1.36.00 -

II. Public POCs for CVE-2025-5826

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-5826

登录查看更多情报信息。

Same Patch Batch · Autel · 2025-06-25 · 10 CVEs total

CVE-2025-6678Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure
CVE-2025-5825Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerabi
CVE-2025-5830Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remot
CVE-2025-5824Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vuln
CVE-2025-5828Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vuln
CVE-2025-5822Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege E
CVE-2025-5827Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow
CVE-2025-5823Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information
CVE-2025-5829Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code

IV. Related Vulnerabilities

Same product: Autel MaxiCharger AC Wallbox Commercial
Same vendor: Autel
Same weakness: CWE-115

V. Comments for CVE-2025-5826

No comments yet

Leave a comment