ID

VAR-202506-0623


CVE

CVE-2025-5823


TITLE

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-341

DESCRIPTION

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351. Autel MaxiCharger AC Wallbox Commercial is a smart AI electric vehicle charger from Autel, a US company.

Trust: 2.07

sources: NVD: CVE-2025-5823 // ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14952

AFFECTED PRODUCTS

vendor: autel, model: maxicharger ac wallbox commercial, scope: -, version: -

Trust: 0.7

vendor: autel, model: maxicharger ac wallbox commercial <v1.39.51, scope: -, version: -

Trust: 0.6

vendor: autel, model: maxicharger ac wallbox commercial <v1.56.51, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-5823
value: MEDIUM

Trust: 1.0

ZDI: CVE-2025-5823
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-14952
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-14952
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.0

ZDI: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952 // NVD: CVE-2025-5823

PROBLEMTYPE DATA

problemtype:CWE-749

Trust: 1.0

sources: NVD: CVE-2025-5823

PATCH

title: Patch for Autel MaxiCharger AC Wallbox Commercial Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/704556

Trust: 0.6

sources: CNVD: CNVD-2025-14952

EXTERNAL IDS

db: NVD, id: CVE-2025-5823

Trust: 2.3

db: ZDI, id: ZDI-25-341

Trust: 2.3

db: ZDI_CAN, id: ZDI-CAN-26351

Trust: 0.7

db: CNVD, id: CNVD-2025-14952

Trust: 0.6

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952 // NVD: CVE-2025-5823

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-25-341/

Trust: 1.6

sources: CNVD: CNVD-2025-14952 // NVD: CVE-2025-5823

CREDITS

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

Trust: 0.7

sources: ZDI: ZDI-25-341

SOURCES

db: ZDI, id: ZDI-25-341
db: CNVD, id: CNVD-2025-14952
db: NVD, id: CVE-2025-5823

LAST UPDATE DATE

2025-07-04T23:43:51.548000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-341, date: 2025-06-11T00:00:00
db: CNVD, id: CNVD-2025-14952, date: 2025-07-03T00:00:00
db: NVD, id: CVE-2025-5823, date: 2025-06-26T18:57:43.670

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-341, date: 2025-06-11T00:00:00
db: CNVD, id: CNVD-2025-14952, date: 2025-07-03T00:00:00
db: NVD, id: CVE-2025-5823, date: 2025-06-25T18:15:23.043