CVE-2024-7795
HIGHDescription
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autel | maxicharger_ac_elite_business_c50_firmware |
| autel | maxicharger_ac_elite_business_c50 |
References
Other References
Frequently Asked Questions
What is CVE-2024-7795? +
How severe is CVE-2024-7795? +
What products are affected by CVE-2024-7795? +
How do I check if I'm vulnerable to CVE-2024-7795? +
Related Vulnerabilities
A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to …
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. …
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have …
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may …
CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute …