Sunday, September 15, 2024

Researchers Hacked Automobile EV Chargers To Execute Arbitrary Code


Researchers found flaws in the Autel MaxiCharger EV charger that make it possible to execute arbitrary code on the device simply by being within Bluetooth range of it.

The vulnerabilities, tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967, were identified during Pwn2Own Automotive 2024 in Tokyo.

The Autel MaxiCharger has by far the most extensive hardware feature set, including the ability for consumers to choose which Open Charge Point Protocol (OCPP) URL the charger will connect to.


Users can even configure a charger to function as a public charger, which entitles the owner to reimbursement for energy used and allows the charger to accept any type of RFID charging card.


Vulnerabilities Identified

Bluetooth Low Energy (BLE) Authentication (CVE-2024-23958)

The vulnerability, which has a CVSS base score of 6.5, enables network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations.

Authentication is not required to exploit this vulnerability.

The issue stems from the BLE AppAuthenRequest command handler. If the handler receives an unsuccessful authentication request, it will fall back on hardcoded credentials.

This vulnerability allows an attacker to bypass the system's authentication process.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024.

Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23959)

With a CVSS base score of 8.0, this vulnerability allows network-adjacent attackers to run arbitrary code on vulnerable Autel MaxiCharger AC Elite Business C50 charging stations.

This vulnerability requires authentication, but the existing authentication mechanism can be bypassed.

The specific flaw lies in the way the AppChargingControl BLE command is handled.

The problem arises because user-supplied data is not properly validated for length before being copied to a fixed-length stack-based buffer.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024.

Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23967)

This vulnerability, which has a CVSS base score of 8.0, enables remote attackers to run arbitrary code on affected installations of the Autel MaxiCharger AC Elite Business C50 charger.

The vulnerability specifically relates to how base64-encoded data is handled in WebSocket communications.

The problem arises because user-supplied data is not properly validated for length before being copied to a fixed-length stack-based buffer.

An attacker can use this vulnerability to run code in the context of the device.

The issue was reported by Daan Keuper, Thijs Alkemade, and Khaled Nassar of Computest Sector 7.

Patch Released

Version 1.35.00 fixes the vulnerabilities. According to the ZDI advisory, bounds checks were added to prevent buffer overflows, and the backdoor authentication token has been removed.
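To illustrate the kind of bounds check described for the base64 handling issue, here is an added example (not Autel's firmware code and not from the advisory) of a base64 decoder that computes the decoded size and rejects the input before writing a single byte if it would not fit the fixed-length destination. The names `MSG_BUF_LEN`, `b64_decode_bounded` and `handle_payload` and the 32-byte buffer size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical size of the fixed-length stack buffer; not from the firmware. */
#define MSG_BUF_LEN 32

/* Map one base64 character to its 6-bit value, or -1 if it is invalid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode in_len chars of padded base64 into out[cap].
 * Returns the decoded length, or -1 if the input is malformed or the
 * decoded data would not fit. The size check runs before any write. */
long b64_decode_bounded(const char *in, size_t in_len, uint8_t *out, size_t cap) {
    if (in_len % 4 != 0) return -1;
    if (in_len == 0) return 0;
    size_t pad = in[in_len - 1] != '=' ? 0 : (in[in_len - 2] == '=' ? 2 : 1);
    size_t need = in_len / 4 * 3 - pad;      /* exact decoded size */
    if (need > cap) return -1;               /* the bounds check */
    size_t o = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        uint32_t acc = 0;
        for (size_t j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)in[i + j];
            /* '=' is only legal in the final `pad` positions */
            int v = (c == '=' && i + j >= in_len - pad) ? 0 : b64_val(c);
            if (v < 0) return -1;
            acc = (acc << 6) | (uint32_t)v;
        }
        for (int k = 2; k >= 0 && o < need; k--)
            out[o++] = (uint8_t)(acc >> (8 * k));
    }
    return (long)o;
}

/* Handler sketch: the destination is a fixed-length stack buffer. */
long handle_payload(const char *b64) {
    uint8_t buf[MSG_BUF_LEN];
    return b64_decode_bounded(b64, strlen(b64), buf, sizeof buf);
}
```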

Hence, these issues underline the importance of strictly adhering to industry standards and practising secure coding, among other recommended practices.

