ID

VAR-202506-0623


CVE

CVE-2025-5823


TITLE

Multiple Autel products vulnerable to exposure of dangerous methods or functions

Trust: 0.8

sources: JVNDB: JVNDB-2025-013688

DESCRIPTION

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351. Multiple Autel products, including MaxiCharger AC Elite Business C50 firmware, MaxiCharger AC Pro firmware and MaxiCharger AC Ultra firmware, contain a vulnerability related to exposing dangerous methods or functions. Information may be obtained. Autel MaxiCharger AC Wallbox Commercial is a smart AI electric vehicle charger from Autel, a US company.

Trust: 2.79

sources: NVD: CVE-2025-5823 // JVNDB: JVNDB-2025-013688 // ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14952

AFFECTED PRODUCTS

vendor: autel, model: maxicharger ac ultra, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc compact pedestal, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc fast, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc compact mobile, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger dh480, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc hipower, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger single charger, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger ac pro, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger ac elite business c50, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc compact pedestal, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger single charger, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger ac ultra, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger dc fast, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger dc hipower, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dh480, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger ac pro, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger dc compact mobile, scope: lt, version: 1.56.51

Trust: 1.0

vendor: autel, model: maxicharger ac elite business c50, scope: lt, version: 1.39.51

Trust: 1.0

vendor: autel, model: maxicharger single charger, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger ac pro, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger dc compact mobile, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger dc compact pedestal, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger dc fast, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger ac elite business c50, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger ac ultra, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger dc hipower, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger dh480, scope: -, version: -

Trust: 0.8

vendor: autel, model: maxicharger ac wallbox commercial, scope: -, version: -

Trust: 0.7

vendor: autel, model: maxicharger ac wallbox commercial <v1.39.51, scope: -, version: -

Trust: 0.6

vendor: autel, model: maxicharger ac wallbox commercial <v1.56.51, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952 // JVNDB: JVNDB-2025-013688 // NVD: CVE-2025-5823

CVSS

SEVERITY

zdi-disclosures@trendmicro.com: CVE-2025-5823
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-5823
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-5823
value: MEDIUM

Trust: 0.8

ZDI: CVE-2025-5823
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-14952
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-14952
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.0

nvd@nist.gov: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2025-5823
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952 // JVNDB: JVNDB-2025-013688 // NVD: CVE-2025-5823 // NVD: CVE-2025-5823

PROBLEMTYPE DATA

problemtype: CWE-749

Trust: 1.0

problemtype: Exposing dangerous methods or functions (CWE-749) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013688 // NVD: CVE-2025-5823

PATCH

title: Patch for Autel MaxiCharger AC Wallbox Commercial Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/704556

Trust: 0.6

sources: CNVD: CNVD-2025-14952

EXTERNAL IDS

db: NVD, id: CVE-2025-5823

Trust: 3.9

db: ZDI, id: ZDI-25-341

Trust: 3.1

db: JVNDB, id: JVNDB-2025-013688

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-26351

Trust: 0.7

db: CNVD, id: CNVD-2025-14952

Trust: 0.6

sources: ZDI: ZDI-25-341 // CNVD: CNVD-2025-14952 // JVNDB: JVNDB-2025-013688 // NVD: CVE-2025-5823

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-25-341/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2025-5823

Trust: 0.8

sources: CNVD: CNVD-2025-14952 // JVNDB: JVNDB-2025-013688 // NVD: CVE-2025-5823

CREDITS

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

Trust: 0.7

sources: ZDI: ZDI-25-341

SOURCES

db: ZDI, id: ZDI-25-341
db: CNVD, id: CNVD-2025-14952
db: JVNDB, id: JVNDB-2025-013688
db: NVD, id: CVE-2025-5823

LAST UPDATE DATE

2025-09-14T23:26:39.480000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-341, date: 2025-06-11T00:00:00
db: CNVD, id: CNVD-2025-14952, date: 2025-07-03T00:00:00
db: JVNDB, id: JVNDB-2025-013688, date: 2025-09-11T08:00:00
db: NVD, id: CVE-2025-5823, date: 2025-09-10T14:46:52.680

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-341, date: 2025-06-11T00:00:00
db: CNVD, id: CNVD-2025-14952, date: 2025-07-03T00:00:00
db: JVNDB, id: JVNDB-2025-013688, date: 2025-09-11T00:00:00
db: NVD, id: CVE-2025-5823, date: 2025-06-25T18:15:23.043