CVE-2025-5826 – Autel MaxiCharger AC Wallbox Commercial BLE Command Injection Vulnerability

June 25, 2025

CVE ID : CVE-2025-5826

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5828 – Autel MaxiCharger AC Wallbox Commercial USB Frame Packet Length Buffer Overflow Remote Code Execution Vulnerability

Next Article CVE-2025-5824 – Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-5826 – Autel MaxiCharger AC Wallbox Commercial BLE Command Injection Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-3837 – “VMware End of Life OVA Connect Remote Code Execution Vulnerability”

CVE-2025-43026 – HP Support Assistant Privilege Escalation Vulnerability

Ransomware scum disrupted utility services with SimpleHelp attacks

JSON module scripts are now Baseline Newly available

Alibaba’s Qwen 3 family of hybrid reasoning AI models is a potential threat rivals

DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals

These 3 Microsoft Teams features are set to ship this summer — here’s why I’m excited

Who says design needs a mouse?

CVE-2025-5826 – Autel MaxiCharger AC Wallbox Commercial BLE Command Injection Vulnerability

Related Posts