Autel MaxiCharger WebSocket Base64 Decoding Stack-based Buffer Overflow RCE (CVE-2024-23967)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: - (Pwn2Own) Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability 2. Vulnerability IDs: - ZDI-24-853 - ZDI-CAN-23230 3. CVE ID: - CVE-2024-23967 4. CVSS Score: - 8.0 5. Affected Vendor: - Autel 6. Affected Product: - MaxiCharger AC Elite Business C50 7. Vulnerability Details: - This vulnerability allows a network-adjacent attacker to execute arbitrary code on the affected Autel MaxiCharger AC Elite Business C50 charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. - The specific flaw exists in the handling of base64-encoded data within WebSocket messages. The issue stems from improper validation of the length of user-supplied data, leading to its copying into a fixed-length stack buffer. Attackers can exploit this vulnerability to execute code in the context of the device. 8. Fix Details: - Fixed firmware versions: - US firmware v1.35.00 - European firmware v1.50.00 9. Disclosure Timeline: - 2024-02-09 - Vulnerability reported to vendor - 2024-06-21 - Coordinated public disclosure of vulnerability advisory - 2024-08-15 - Vulnerability advisory updated 10. Credits: - Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 This information provides a detailed description of the vulnerability, including its nature, affected devices, remediation status, and disclosure timeline.

Goal Reached Thanks to every supporter — we hit 100%!

Autel MaxiCharger WebSocket Base64 Decoding Stack-based Buffer Overflow RCE (CVE-2024-23967)