Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-6678— Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability

EPSS 0.50% · P66
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-6678

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Pile API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26352.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Autel MaxiCharger AC Wallbox Commercial 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autel MaxiCharger AC Wallbox Commercial是美国Autel公司的一款智慧型AI电动车充电器。 Autel MaxiCharger AC Wallbox Commercial存在访问控制错误漏洞,该漏洞源于Pile API缺少身份验证,可能导致凭据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutelAutel MaxiCharger AC Wallbox Commercial 1.36.00 -

II. Public POCs for CVE-2025-6678

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-6678

登录查看更多情报信息。

Same Patch Batch · Autel · 2025-06-25 · 10 CVEs total

CVE-2025-5825Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerabi
CVE-2025-5830Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remot
CVE-2025-5824Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vuln
CVE-2025-5828Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vuln
CVE-2025-5822Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege E
CVE-2025-5827Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow
CVE-2025-5826Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input V
CVE-2025-5823Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information
CVE-2025-5829Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code

IV. Related Vulnerabilities

Same product: Autel MaxiCharger AC Wallbox Commercial
Same vendor: Autel
Same weakness: CWE-306

V. Comments for CVE-2025-6678

No comments yet

Leave a comment