EUVD-2025-28668

| CVE-2025-5826 MEDIUM
2025-06-25 [email protected]
6.3
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-28668
CVE Published
Jun 25, 2025 - 18:15 nvd
MEDIUM 6.3

Tags

Code Injection Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Ultra Firmware Maxicharger Dc Hipower Firmware Maxicharger Dc Compact Pedestal Firmware Maxicharger Dh480 Firmware Maxicharger Dc Fast Firmware Maxicharger Single Charger Firmware Maxicharger Ac Pro Firmware Maxicharger Dc Compact Mobile Firmware

Description

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368.

Analysis

CVE-2025-5826 is a security vulnerability (CVSS 6.3) that allows network-adjacent attackers. Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

32
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

Share

EUVD-2025-28668 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy