Primary

Context

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Autel MaxiCharger AC Wallbox Commercial charging stations. This issue arises from the firmware update process, where the lack of proper validation allows network-adjacent attackers to execute arbitrary code. To exploit this vulnerability, an attacker must first pair a malicious Bluetooth device with the target charging station.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Users can update to version 1.39.51 for American Standard or version 1.56.51 for European Standard to address this vulnerability.

Added: Jun 25, 2025, 7:47 PM

Updated: Jun 25, 2025, 7:47 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.5

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.5

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating