Hardcoded Credentials Bypass Vulnerability in Autel MaxiCharger AC Elite Business C50
CVE-2024-23958

8.8 HIGH

Key Information:

Vendor: Autel
CVE Published: 28 September 2024

What is CVE-2024-23958?

The Autel MaxiCharger AC Elite Business C50 is affected by an authentication bypass vulnerability that is exploitable by network-adjacent attackers. The flaw lies in the BLE AppAuthenRequest command handler, which falls back to hardcoded credentials when the normal authentication check fails. An attacker can use this fallback path to gain unauthorized access, circumventing the intended authentication. Mitigation is required to address this issue.
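The flaw class named above (a handler that accepts a hardcoded credential after the real check fails) is easier to recognise in code. The following is an added illustration written for this page; it is not code from the advisory or from Autel's firmware. The function names (`vulnerable_app_authen`, `hardened_app_authen`), the credential values and the fixed 16-byte credential length are all constructed placeholders; the only point carried over from the advisory is the shape of the bug, with the fail-closed version beside it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical illustration of the flaw class in the advisory: an
 * authentication handler that falls back to a built-in credential when
 * the provisioned credential check fails. Every value below is a
 * constructed placeholder, not anything taken from a real device. */

#define CRED_LEN 16

/* Credential provisioned at pairing time (constructed sample). */
static const uint8_t provisioned_cred[CRED_LEN + 1] = "prov-secret-0001";
/* Built-in value a vulnerable build keeps as a fallback (constructed sample). */
static const uint8_t fallback_cred[CRED_LEN + 1] = "factory-default!";

typedef enum { AUTH_DENIED = 0, AUTH_OK = 1 } auth_result;

/* Constant-time comparison: the loop always touches all n bytes, so the
 * time taken does not reveal how many leading bytes matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Vulnerable pattern: a mismatch does not deny; it tries a hardcoded
 * credential first. Because that value is the same on every unit, anyone
 * who learns it holds a universal key for the whole product line. */
auth_result vulnerable_app_authen(const uint8_t *cred, size_t len) {
    if (cred == NULL || len != CRED_LEN) {
        return AUTH_DENIED;
    }
    if (ct_equal(cred, provisioned_cred, CRED_LEN)) {
        return AUTH_OK;
    }
    /* BUG: fallback path accepts a shared, non-revocable credential. */
    if (ct_equal(cred, fallback_cred, CRED_LEN)) {
        return AUTH_OK;
    }
    return AUTH_DENIED;
}

/* Hardened pattern: one source of truth, fail closed, no secondary path.
 * A device with no provisioned credential should refuse authentication
 * rather than accept a default (that case is omitted here for brevity). */
auth_result hardened_app_authen(const uint8_t *cred, size_t len) {
    if (cred == NULL || len != CRED_LEN) {
        return AUTH_DENIED;
    }
    return ct_equal(cred, provisioned_cred, CRED_LEN) ? AUTH_OK : AUTH_DENIED;
}

int main(void) {
    const uint8_t *good = (const uint8_t *)"prov-secret-0001";
    const uint8_t *fallback = (const uint8_t *)"factory-default!";

    printf("vulnerable, provisioned credential: %d\n",
           vulnerable_app_authen(good, CRED_LEN));      /* 1 */
    printf("vulnerable, built-in fallback:      %d\n",
           vulnerable_app_authen(fallback, CRED_LEN));  /* 1 (the bug) */
    printf("hardened,   provisioned credential: %d\n",
           hardened_app_authen(good, CRED_LEN));        /* 1 */
    printf("hardened,   built-in fallback:      %d\n",
           hardened_app_authen(fallback, CRED_LEN));    /* 0 */
    return 0;
}
```

When reviewing firmware for this class of defect, the thing to look for is any branch reachable after the primary credential check has already returned false: a second comparison against a literal, a "recovery" or "factory" mode, or a debug flag that short-circuits the check. The fix is not to hide the literal better but to remove the path entirely, so that a failed check has exactly one outcome.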

Affected Version(s)

MaxiCharger AC Elite Business C50 1.32.00

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published