Skip to main content

Maxicharger Ac Elite Business C50 Firmware CVE-2025-5826

| EUVDEUVD-2025-28668 MEDIUM
Misinterpretation of Input (CWE-115)
2025-06-25 zdi-disclosures@trendmicro.com
6.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-28668
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
CVE Published
Jun 25, 2025 - 18:15 nvd
MEDIUM 6.3

DescriptionCVE.org

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.

AnalysisAI

CVE-2025-5826 is a security vulnerability (CVSS 6.3) that allows network-adjacent attackers. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type not specified by vendor.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-5826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy