CWE-1328

Security Version Number Mutable to Older Versions

3 CVEs, Avg CVSS 4.1, MITRE
Critical: 0, High: 1, Medium: 0, Low: 2, PoC: 0, KEV: 0

CVE-2025-5825 HIGH This Week

CVE-2025-5825 is a firmware downgrade remote code execution vulnerability in Autel MaxiCharger AC Wallbox Commercial charging stations that allows network-adjacent attackers with Bluetooth pairing capability to execute arbitrary code by uploading a malicious firmware image without proper validation. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality, integrity, and availability impact, though exploitation requires prior Bluetooth device pairing. This is a ZDI-coordinated disclosure (ZDI-CAN-26354) affecting commercial charging infrastructure.

RCE, Maxicharger Dc Compact Pedestal Firmware, Maxicharger Dh480 Firmware, Maxicharger Dc Compact Mobile Firmware, Maxicharger Ac Pro Firmware, +5
NVD, CVSS 3.0: 7.5, EPSS: 0.1%

CVE-2025-29989 LOW Monitor

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. It is rated low severity (CVSS 3.1) and has low attack complexity. No vendor patch available.

Dell, Information Disclosure, Precision 5820 Tower Firmware, Precision 7820 Tower Firmware, Precision 7920 Tower Firmware, +1
NVD, CVSS 3.1: 3.1, EPSS: 0.1%

CVE-2024-13870 LOW Monitor

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older,. It is rated low severity (CVSS 1.8) and requires no authentication. No vendor patch available.

Information Disclosure, Box Firmware
NVD, CVSS 4.0: 1.8, EPSS: 0.0%