MaxiCharger AC Elite Business C50 Buffet Overflow Vulnerability
CVE-2024-23967

8HIGH

Key Information:

Vendor: Autel
Status: Maxicharger Ac Elite Business C50
Vendor: CVE Published:; 28 September 2024

What is CVE-2024-23967?

The Autel MaxiCharger AC Elite Business C50 is vulnerable to a stack-based buffer overflow due to improper validation of base64-encoded data in WebSocket messages. Network-adjacent attackers can exploit this vulnerability to execute arbitrary code on the device. Despite requiring authentication, the vulnerability allows an attacker to bypass the existing authentication mechanism, potentially leading to unauthorized control over the affected installations. This flaw emphasizes the necessity for robust input validation in networked environments to mitigate risks of remote exploitation.

Affected Version(s)

MaxiCharger AC Elite Business C50 1.32.00

References

https://www.zerodayinitiative.com/advisories/ZDI-24-853/

x_research-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2024

JSON