CVE-2024-23967 in MaxiCharger AC Elite Business C50
Summary
by MITRE • 09/28/2024
Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
Was ZDI-CAN-23230
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/04/2024
The CVE-2024-23967 vulnerability represents a critical stack-based buffer overflow in the Autel MaxiCharger AC Elite Business C50 device that exposes a remote code execution risk. This vulnerability resides within the WebSocket implementation of the device's communication stack, specifically in how it processes base64-encoded data. The flaw stems from insufficient input validation during the decoding process, where user-supplied base64 data is copied to a fixed-size stack buffer without proper length checking. This creates an exploitable condition where an attacker can overflow the buffer and potentially overwrite adjacent memory, leading to arbitrary code execution. The vulnerability is particularly concerning because it affects network-adjacent attackers who can leverage the existing authentication bypass mechanism to gain access to the device's WebSocket interface.
The technical implementation of this vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which occurs when a program writes data to a stack buffer beyond the buffer's boundaries. The device's WebSocket processing logic fails to validate the length of incoming base64-encoded data before copying it to a predetermined stack buffer location. This type of vulnerability typically falls under the ATT&CK technique T1059.007 Command and Scripting Interpreter: Python, as the exploitation often involves executing malicious code through command injection or memory corruption techniques. The stack-based nature of the overflow means that the attacker can potentially control the instruction pointer and execute arbitrary commands with the privileges of the affected device process.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with persistent access to the device's internal systems. Since the authentication mechanism can be bypassed, an attacker does not require legitimate credentials to exploit the vulnerability, making it particularly dangerous in environments where physical access is limited. The device's role as a charging station for automotive diagnostic equipment means that successful exploitation could provide attackers with access to sensitive automotive data or potentially enable them to manipulate diagnostic information. The vulnerability affects the device's network security posture and could lead to broader compromise if the device is part of a larger network infrastructure.
Mitigation strategies for this vulnerability should focus on both immediate patching and network-level protections. Organizations should prioritize updating the firmware to the latest version provided by Autel to address the buffer overflow condition. Network segmentation and access controls should be implemented to limit the attack surface, particularly restricting access to the WebSocket interface. The implementation of network monitoring solutions can help detect anomalous WebSocket traffic patterns that might indicate exploitation attempts. Additionally, the device should be configured with strong authentication mechanisms and regular credential updates to prevent unauthorized access. Security teams should also consider implementing intrusion detection systems that can identify potential buffer overflow exploitation attempts through signature-based detection methods. The vulnerability demonstrates the importance of input validation in networked embedded systems and highlights the need for comprehensive security testing of communication protocols in industrial IoT devices.