Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196.
History

Thu, 03 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Autel maxicharger Ac Elite Business C50
CPEs cpe:2.3:h:autel:maxicharger_ac_elite_business_c50:-:*:*:*:*:*:*:*
cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:1.32.00:*:*:*:*:*:*:*
Vendors & Products Autel maxicharger Ac Elite Business C50

Thu, 03 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Autel
Autel maxicharger Ac Elite Business C50 Eu Firmware
Autel maxicharger Ac Elite Business C50 Firmware
CPEs cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_eu_firmware:1.50:*:*:*:*:*:*:*
cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:*:*:*:*:*:*:*:*
Vendors & Products Autel
Autel maxicharger Ac Elite Business C50 Eu Firmware
Autel maxicharger Ac Elite Business C50 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 28 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
Description Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196
Title Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2024-09-28T06:10:32.811Z

Updated: 2024-10-03T13:48:39.497Z

Reserved: 2024-01-25T00:14:40.298Z

Link: CVE-2024-23958

Vulnrichment

Updated: 2024-10-03T13:44:43.640Z

NVD

Status: Analyzed

Published: 2024-09-28T07:15:03.183

Modified: 2024-10-03T17:42:05.553

Link: CVE-2024-23958

Redhat

No data.