Autel MaxiCharger AC Wallbox Commercial Technician API Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Autel MaxiCharger AC Wallbox Commercial charging stations. This issue arises from incorrect authorization in the Autel Technician API, allowing remote attackers to escalate privileges on affected installations. To exploit this vulnerability, an attacker must first obtain a low-privileged authorization token.
Impact
Exploitation of this vulnerability allows for unauthorized privilege escalation, granting access to resources typically protected from the user.
Remediation
This vulnerability has been fixed in the American Standard version 1.39.51 and European Standard version 1.56.51.
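A fleet check against the fixed versions above, given as an added example that is not part of the original advisory or Autel's tooling. The inventory column names and charger IDs are hypothetical, and it assumes firmware versions are three dotted integers that order numerically within each standard.

```python
import csv
import io

# Fixed firmware versions as stated in the advisory, keyed by standard.
FIXED = {"american": (1, 39, 51), "european": (1, 56, 51)}

def parse_version(text):
    """Parse '1.39.51' or 'v1.39.51' into (1, 39, 51); None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return {charger_id: 'patched' | 'vulnerable' | 'review'}."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["standard"].strip().lower())
        version = parse_version(row["firmware"])
        if fixed is None or version is None:
            # Unknown standard or unparseable version: never assume patched.
            results[row["charger_id"]] = "review"
        elif version >= fixed:  # assumption: numeric ordering per standard
            results[row["charger_id"]] = "patched"
        else:
            results[row["charger_id"]] = "vulnerable"
    return results

# Constructed sample inventory (hypothetical IDs and column names).
SAMPLE = """charger_id,standard,firmware
WB-001,American,1.39.51
WB-002,American,1.38.90
WB-003,European,1.56.50
WB-004,European,v1.57.02
WB-005,European,unknown
WB-006,Asian,1.60.00
"""

if __name__ == "__main__":
    for charger_id, status in audit(SAMPLE).items():
        print(charger_id, status)
```

Units reported as "review" need a manual firmware check before they are counted as remediated.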
