Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5828— Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability

EPSS 0.22% · P44
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-5828

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26328.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial是美国Autel公司的一款智慧型AI电动车充电器。 Autel MaxiCharger AC Wallbox Commercial存在安全漏洞,该漏洞源于USB帧包处理缓冲区溢出,可能导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutelAutel MaxiCharger AC Wallbox Commercial 1.36.00 -

II. Public POCs for CVE-2025-5828

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-5828

登录查看更多情报信息。

Same Patch Batch · Autel · 2025-06-25 · 10 CVEs total

CVE-2025-6678Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure
CVE-2025-5825Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerabi
CVE-2025-5830Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remot
CVE-2025-5824Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vuln
CVE-2025-5822Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege E
CVE-2025-5827Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow
CVE-2025-5826Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input V
CVE-2025-5823Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information
CVE-2025-5829Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code

IV. Related Vulnerabilities

Same product: Autel MaxiCharger AC Wallbox Commercial
Same vendor: Autel
Same weakness: CWE-120

V. Comments for CVE-2025-5828

No comments yet

Leave a comment