SB2025061327 - Multiple vulnerabilities in Autel Energy MaxiCharger AC Elite Business 50A
Published: June 13, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Incorrect authorization (CVE-ID: CVE-2025-5822)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to incorrect authorization within the implementation of the Autel Technician API. A remote user can gain elevated privileges on the target system.
2) Heap-based buffer overflow (CVE-ID: CVE-2025-5830)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of DLB_SlaveRegister messages. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Stack-based buffer overflow (CVE-ID: CVE-2025-5829)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of JSON messages. An attacker with physical access can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2025-5828)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of USB frame packets. An attacker with physical access can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2025-5827)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ble_process_esp32_msg function. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Input validation error (CVE-ID: CVE-2025-5826)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the ble_process_esp32_msg function. A remote attacker can pass specially crafted input to the application and execute AT commands in the context of the target device.
7) Security features bypass (CVE-ID: CVE-2025-5825)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the lack of proper validation of a firmware image before using it to perform an upgrade. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the system.
8) Origin validation error (CVE-ID: CVE-2025-5824)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of the origin of commands within the handling of bluetooth pairing requests. A remote attacker on the local network can bypass authentication on the system.
9) Improper Authentication (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests within the Pile API. A remote attacker can bypass authentication process and gain unauthorized access to sensitive information.
10) Exposed dangerous method or function (CVE-ID: CVE-2025-5823)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to the exposure of a dangerous function in within the implementation of the Autel Technician API. A remote administrator can disclose credentials on the system.
Remediation
Install update from vendor's website.
References
- https://www.zerodayinitiative.com/advisories/ZDI-25-340/
- https://www.zerodayinitiative.com/advisories/ZDI-25-349/
- https://www.zerodayinitiative.com/advisories/ZDI-25-348/
- https://www.zerodayinitiative.com/advisories/ZDI-25-347/
- https://www.zerodayinitiative.com/advisories/ZDI-25-346/
- https://www.zerodayinitiative.com/advisories/ZDI-25-345/
- https://www.zerodayinitiative.com/advisories/ZDI-25-344/
- https://www.zerodayinitiative.com/advisories/ZDI-25-343/
- https://www.zerodayinitiative.com/advisories/ZDI-25-342/
- https://www.zerodayinitiative.com/advisories/ZDI-25-341/