Primary

Context

Autel MaxiCharger AC Wallbox Commercial Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability allowing remote code execution has been identified in the Autel MaxiCharger AC Wallbox Commercial EV chargers. This issue arises in the ble_process_esp32_msg function, where user-supplied data is not properly validated before being copied to a fixed-length stack-based buffer. As a result, network-adjacent attackers can execute arbitrary code on the affected devices without requiring authentication.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected EV chargers, with the executed code running in the context of the device.

Remediation

The vulnerability has been fixed in the American Standard version 1.39.51 and European Standard version 1.56.51.

Added: Jun 25, 2025, 7:39 PM

Updated: Jun 25, 2025, 7:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Autel MaxiCharger AC Wallbox Commercial Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating