Buffer Overflow Vulnerability in Autel MaxiCharger AC Wallbox Commercial
CVE-2025-5828

6.8 MEDIUM

Key Information:

Vendor: Autel
CVE Published: 25 June 2025

What is CVE-2025-5828?

The Autel MaxiCharger AC Wallbox Commercial has a vulnerability that allows local attackers to execute arbitrary code on the device because the length of USB frame packets is not properly validated. Specifically, user-supplied data is copied to a fixed-length buffer without an adequate length check, so an attacker can overflow the buffer and run arbitrary code on the device. Users and operators should ensure proper protections are in place to mitigate the potential impact of this vulnerability.

Affected Version(s)

Autel MaxiCharger AC Wallbox Commercial 1.36.00

CVSS V3.0

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
