HIGH🇬🇧 English

CVE-2025-5822

CVSS 8.8v3.1pub. 2025-06-25upd. 2025-09-10

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Autel Maxicharger Ac Elite Business C50

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Elite Business C50 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Pro

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Pro Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Ac Ultra

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Ac Ultra Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Compact Mobile

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Mobile Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Compact Pedestal

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Compact Pedestal Firmware

    OS
    Autel
    < 1.56.51< 1.39.51
  • Autel Maxicharger Dc Fast

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Fast Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dc Hipower

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dc Hipower Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Dh480

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Dh480 Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
  • Autel Maxicharger Single Charger

    HW
    Autel
    wszystkie wersje
  • Autel Maxicharger Single Charger Firmware

    OS
    Autel
    < 1.39.51< 1.56.51
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2025-5827HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Executio...

CVE-2025-5830HIGH8.8ten sam produkt

Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vul...

CVE-2025-5824HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vuln...

CVE-2025-5825HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerabi...

CVE-2025-6678HIGH7.5ten sam produkt

Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This ...