CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26369.
Analysis
CVE-2025-5827 is a stack-based buffer overflow vulnerability in the ble_process_esp32_msg function of Autel MaxiCharger AC Wallbox Commercial EV chargers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high impact. The vulnerability results from insufficient validation of user-supplied data length before copying to a fixed-size stack buffer, affecting commercial EV charging infrastructure without requiring authentication or user interaction.
Technical Context
The vulnerability exists in the BLE (Bluetooth Low Energy) message processing function (ble_process_esp32_msg) in the ESP32-based firmware of Autel MaxiCharger AC Wallbox Commercial devices. The root cause is classified as CWE-121 (Stack-based Buffer Overflow): a memory safety defect in which inadequate bounds checking lets an attacker write beyond the stack space allocated for a buffer. The BLE layer handles device-to-device communication, and because the length of an incoming message is not validated before the message is copied into a fixed-length buffer, an oversized message produces a classic stack overflow. This is a firmware-level defect in the embedded device's Bluetooth communications stack, most likely affecting the real-time operating system or bare-metal code running on the ESP32 microcontroller.
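The following C example is added here to illustrate the CWE-121 pattern the advisory describes; it is not Autel firmware or ZDI code, and the frame layout it assumes (one length byte followed by that many payload bytes), the buffer size, and all function names are hypothetical. It places the unchecked copy beside a hardened handler that validates the wire-supplied length against both the bytes actually received and the destination buffer, plus a small check that reports whether a frame would have overflowed the unchecked version without ever performing the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size stack buffer used by the message handler. */
#define BLE_MSG_MAX 32

typedef struct {
    uint8_t data[BLE_MSG_MAX];
    size_t  len;
} ble_msg_t;

/* VULNERABLE PATTERN (illustrative, never called by the demo helpers):
 * the length byte from the frame is trusted and used directly as the
 * memcpy size, so a frame claiming more than BLE_MSG_MAX bytes writes
 * past the end of the stack buffer. This is the CWE-121 shape. */
void ble_process_msg_unchecked(const uint8_t *frame, size_t frame_len) {
    uint8_t buf[BLE_MSG_MAX];
    if (frame_len < 1) return;
    size_t claimed = frame[0];
    memcpy(buf, frame + 1, claimed);  /* BUG: no check against sizeof buf or frame_len */
    (void)buf;
}

/* HARDENED: returns 0 on success, -1 for a malformed or oversized frame.
 * Both failure modes are rejected before any byte is copied. */
int ble_process_msg_checked(const uint8_t *frame, size_t frame_len, ble_msg_t *out) {
    if (frame == NULL || out == NULL || frame_len < 1) return -1;
    size_t claimed = frame[0];
    if (claimed > frame_len - 1) return -1;     /* claims more than was received */
    if (claimed > sizeof out->data) return -1;  /* larger than the stack buffer */
    memcpy(out->data, frame + 1, claimed);
    out->len = claimed;
    return 0;
}

/* Models the unchecked pattern without executing it: true when the
 * wire length alone would exceed a BLE_MSG_MAX-byte destination. */
bool ble_frame_would_overflow(const uint8_t *frame, size_t frame_len) {
    if (frame == NULL || frame_len < 1) return false;
    return (size_t)frame[0] > BLE_MSG_MAX;
}

/* Demo helpers over constructed frames (not captured traffic). */
int demo_valid_frame(void) {
    const uint8_t frame[] = {5, 'h', 'e', 'l', 'l', 'o'};
    ble_msg_t m;
    if (ble_process_msg_checked(frame, sizeof frame, &m) != 0) return -1;
    return (int)m.len;  /* 5 */
}

int demo_oversized_frame(void) {
    uint8_t frame[1 + 2 * BLE_MSG_MAX];
    frame[0] = 2 * BLE_MSG_MAX;              /* claims 64 bytes for a 32-byte buffer */
    memset(frame + 1, 'A', 2 * BLE_MSG_MAX);
    ble_msg_t m;
    return ble_process_msg_checked(frame, sizeof frame, &m);  /* -1 */
}

int demo_truncated_frame(void) {
    const uint8_t frame[] = {10, 1, 2};      /* claims 10 payload bytes, only 2 present */
    ble_msg_t m;
    return ble_process_msg_checked(frame, sizeof frame, &m);  /* -1 */
}

int main(void) {
    printf("valid frame payload length: %d\n", demo_valid_frame());
    printf("oversized frame rc:         %d\n", demo_oversized_frame());
    printf("truncated frame rc:         %d\n", demo_truncated_frame());
    return 0;
}
```

The second check in the hardened handler (claimed length versus bytes received) matters as much as the first: without it a short frame with a large length byte would read past the end of the receive buffer even when the destination is big enough.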
Affected Products
Autel MaxiCharger AC Wallbox Commercial (specific version ranges not provided in description, but CVE indicates commercial EV charger models). CPE data not explicitly provided in the source material, but affected systems would be identified as: cpe:2.3:h:autel:maxicharger_ac_wallbox_commercial:*:*:*:*:*:*:*:*. The vulnerability affects the ESP32-based firmware version(s) containing the vulnerable ble_process_esp32_msg function. Commercial installations typically include fixed AC wallboxes used in fleet charging, commercial parking facilities, and enterprise EV infrastructure. Affected devices are those running firmware versions prior to a patch release (patch version not specified in available data).
Remediation
Immediate remediation requires:
(1) Apply the firmware patch when it is available from Autel (contact the vendor for the security update that adds bounds checking to ble_process_esp32_msg).
(2) Implement network segmentation: isolate the EV charger BLE networks from general corporate and facility networks.
(3) Disable BLE if it is not operationally required, or restrict BLE access to trusted device addresses via device-level filtering (noting that address filtering is a weak control on its own, since BLE addresses can be spoofed and many devices use random addresses).
(4) Deploy BLE intrusion detection monitoring for abnormal message patterns or buffer-overflow-like payloads.
(5) Monitor firmware repositories and Autel security advisories for the patch release.
(6) Apply the security firmware update immediately once it is available (over-the-air or manual USB-based update, depending on device capability).
Temporary mitigations include physical isolation (distance greater than 100 m from untrusted BLE devices), network access controls on the facility network segment hosting the chargers, and disabling remote management features where available.
EUVD-2025-28669