Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system.
Was ZDI-CAN-23196
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-852/ |
History
Thu, 03 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Autel maxicharger Ac Elite Business C50 | |
CPEs | cpe:2.3:h:autel:maxicharger_ac_elite_business_c50:-:*:*:*:*:*:*:*, cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:1.32.00:*:*:*:*:*:*:* | |
Vendors & Products | Autel maxicharger Ac Elite Business C50 | |
Thu, 03 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Autel, Autel maxicharger Ac Elite Business C50 Eu Firmware, Autel maxicharger Ac Elite Business C50 Firmware | |
CPEs | cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_eu_firmware:1.50:*:*:*:*:*:*:*, cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products | Autel, Autel maxicharger Ac Elite Business C50 Eu Firmware, Autel maxicharger Ac Elite Business C50 Firmware | |
Metrics | ssvc | |
Sat, 28 Sep 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196 | |
Title | Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability | |
Weaknesses | CWE-798 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: ASRG
Published: 2024-09-28T06:10:32.811Z
Updated: 2024-10-03T13:48:39.497Z
Reserved: 2024-01-25T00:14:40.298Z
Link: CVE-2024-23958
Vulnrichment
Updated: 2024-10-03T13:44:43.640Z
NVD
Status: Analyzed
Published: 2024-09-28T07:15:03.183
Modified: 2024-10-03T17:42:05.553
Link: CVE-2024-23958
Redhat
No data.