Autel MaxiCharger AC Wallbox Commercial Input Misinterpretation Vulnerability Allowing AT Command Injection
Vulnerability
A vulnerability exists in the Autel MaxiCharger AC Wallbox Commercial charging stations, allowing network-adjacent attackers to inject arbitrary AT commands. This issue arises from a misinterpretation of input data in the ble_process_esp32_msg function, enabling command execution in the context of the device. Notably, no authentication is required to exploit this vulnerability.
Impact
Exploitation of this vulnerability allows for unauthorized injection and execution of AT commands on the affected charging stations.
Remediation
Users can update to American Standard V1.39.51 or European Standard V1.56.51 to address this vulnerability.
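For firmware developers reviewing similar code paths, the following added example (not Autel's code and not taken from the advisory) shows the general defence against AT command injection: validating an untrusted field before it is formatted into a line-oriented AT command. The helper names, the `NAME` parameter, the 32-byte limit and the sample inputs are assumptions made for illustration; the advisory does not describe the internals of ble_process_esp32_msg.

```c
#include <stdio.h>
#include <string.h>

#define AT_VALUE_MAX 32  /* assumed limit for this example */

/* Hypothetical helper: 1 if `s` may be placed inside one quoted AT parameter. */
static int at_value_is_safe(const unsigned char *s, size_t len)
{
    if (len == 0 || len > AT_VALUE_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = s[i];
        if (c < 0x20 || c > 0x7e)   /* CR, LF, NUL, ESC, DEL, non-ASCII */
            return 0;
        if (c == '"' || c == ';' || c == ',' || c == '\\')
            return 0;               /* would end the quoted string or the command */
    }
    return 1;
}

/* Writes AT+<name>="<value>"\r\n to out. `name` is a firmware constant,
 * `value` is untrusted. Returns bytes written, or -1 if rejected. */
int at_build_set(char *out, size_t out_sz, const char *name,
                 const unsigned char *value, size_t value_len)
{
    if (!at_value_is_safe(value, value_len))
        return -1;
    int n = snprintf(out, out_sz, "AT+%s=\"%.*s\"\r\n",
                     name, (int)value_len, (const char *)value);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : n;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "EVSE-01", "a\r\nAT+X", "a\";b" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = at_build_set(line, sizeof line, "NAME",
                             (const unsigned char *)samples[i], strlen(samples[i]));
        printf("sample %zu: %s\n", i, n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

Rejecting the input outright, rather than stripping the offending bytes, keeps the command channel and the data channel from ever being confused.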
