CVE-2024-23958
MEDIUMAutel MaxiCharger AC Elite Business C50 - Unauthenticated Bypass via BLE Hardcoded Credentials
Title source: llmDescription
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-852/
Scores
CVSS v3
6.5
EPSS
0.0081
EPSS Percentile
52.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
autel/maxicharger_ac_elite_business_c50_firmware
1.32.00
Published
Sep 28, 2024
Tracked Since
Feb 18, 2026