CVE-2025-5830 in MaxiCharger AC Wallbox Commercial
Summary
by MITRE • 06/25/2025
Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of DLB_SlaveRegister messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26327.
Analysis
by VulDB Data Team • 09/10/2025
The CVE-2025-5830 vulnerability represents a critical heap-based buffer overflow flaw in Autel MaxiCharger AC Wallbox Commercial EV chargers that exposes devices to remote code execution attacks. This vulnerability specifically affects the DLB_SlaveRegister message handling functionality within the device's communication protocol stack, making it particularly dangerous for commercial electric vehicle charging infrastructure. The vulnerability's severity is amplified by its remote exploitability without authentication requirements, meaning attackers can target these devices from network-adjacent locations without needing to establish a valid session or present credentials. This characteristic aligns with ATT&CK technique T1210 - Exploitation of Remote Services, where adversaries leverage network-accessible services to gain unauthorized access to systems. The vulnerability falls under CWE-121, Heap-based Buffer Overflow, which occurs when a program writes data beyond the boundaries of a heap-allocated buffer, potentially corrupting adjacent memory and allowing attackers to overwrite critical program data or execute arbitrary code.
The technical root of this vulnerability is insufficient input validation within the DLB_SlaveRegister message processing routine. When the device receives a malformed message containing user-supplied data, it does not validate the length of the incoming payload before copying it into a fixed-length heap-based buffer. This missing bounds check lets an attacker craft a message whose payload exceeds the buffer capacity, causing a heap overflow. Because the overflow occurs in dynamically allocated memory rather than on the stack, exploitation is more complex but potentially more reliable than a stack-based overflow. The absence of any authentication requirement makes the flaw particularly concerning for commercial installations, where physical access to the device may be limited but network connectivity is typically available.
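The pattern described above, as an added illustration that is not Autel's firmware code: a constructed DLB_SlaveRegister-style message layout (one type byte, one declared-length byte, then payload) is handled once without a bounds check and once with the declared length validated against both the fixed heap field and the bytes actually received. The message type value, field size and record layout are assumptions for the example.

```c
/* Constructed message layout (assumed, not Autel's real wire format):
 *   byte 0: message type, byte 1: declared payload length, bytes 2..: payload */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MSG_DLB_SLAVE_REGISTER 0x10   /* assumed type code for the example */
#define SLAVE_ID_MAX 16               /* assumed size of the fixed heap field */

struct slave_record {
    uint8_t id_len;
    uint8_t id[SLAVE_ID_MAX];         /* fixed-length field on a heap-allocated record */
};

/* Unchecked handler: trusts the declared length and copies it into the fixed
 * field. This is the CWE pattern the advisory describes; a declared length
 * above SLAVE_ID_MAX writes past the end of the heap record. Never call it
 * with such input; it is shown only to contrast with the checked version. */
int register_slave_unchecked(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 2 || msg[0] != MSG_DLB_SLAVE_REGISTER) return -1;
    uint8_t declared = msg[1];
    struct slave_record *rec = calloc(1, sizeof *rec);
    if (!rec) return -1;
    rec->id_len = declared;
    memcpy(rec->id, msg + 2, declared);   /* BUG: no check against SLAVE_ID_MAX */
    free(rec);
    return 0;
}

/* Hardened handler: rejects a declared length that would overflow the heap
 * field (-2) or that exceeds the bytes actually received (-3) before copying. */
int register_slave_checked(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 2 || msg[0] != MSG_DLB_SLAVE_REGISTER) return -1;
    uint8_t declared = msg[1];
    if (declared > SLAVE_ID_MAX) return -2;          /* would overflow the field */
    if ((size_t)declared > msg_len - 2) return -3;   /* message truncated on the wire */
    struct slave_record *rec = calloc(1, sizeof *rec);
    if (!rec) return -1;
    rec->id_len = declared;
    memcpy(rec->id, msg + 2, declared);              /* bounded by both checks above */
    free(rec);
    return 0;
}
```

The two length checks are independent: the first protects the heap allocation, the second prevents an over-read of the receive buffer when the declared length exceeds what arrived.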
The operational impact of CVE-2025-5830 extends beyond simple code execution, potentially compromising the entire charging infrastructure and associated network systems. Attackers who successfully exploit this vulnerability can gain full control over the affected EV chargers, enabling them to manipulate charging sessions, monitor user data, or even disrupt charging operations for other users. This represents a significant threat to commercial EV charging networks where multiple devices are interconnected and may be managed through centralized systems. The vulnerability's implications align with the broader ATT&CK framework's T1071.004 - Application Layer Protocol: DNS, where attackers might leverage compromised devices to establish command and control channels or further infiltrate network environments. For commercial installations, this vulnerability could lead to financial losses through unauthorized charging sessions, potential safety hazards from manipulated charging protocols, and reputational damage from compromised infrastructure. The vulnerability also poses risks to connected building management systems, as EV chargers often integrate with broader facility control networks.
Mitigation strategies for CVE-2025-5830 should focus on immediate network-level protections combined with firmware updates from Autel. Network administrators should implement strict access controls and firewall rules to limit communication to only necessary network segments, as the vulnerability allows remote exploitation without authentication. The most effective long-term solution requires applying the vendor-provided security patches that address the buffer overflow in the DLB_SlaveRegister handling code. Organizations should also consider network segmentation to isolate critical charging infrastructure from general network access, implementing intrusion detection systems to monitor for anomalous communication patterns that might indicate exploitation attempts. Additionally, regular security assessments of connected IoT devices should be conducted to identify similar vulnerabilities in other commercial charging systems, as this type of heap-based buffer overflow is a common weakness in embedded systems. The vulnerability highlights the importance of input validation and bounds checking in embedded firmware development, aligning with industry best practices such as those outlined in the OWASP Internet of Things Project, which emphasizes proper validation of all inputs to prevent injection-based attacks.