CVE-2024-23957
Published: 2024-09-28
Priority: P2 (60) · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.96% (57.0th percentile)
Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DLB_HostHeartBeat handler of the DLB protocol implementation. When parsing an AES key, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
Was ZDI-CAN-23241
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| autel | maxicharger_ac_elite_business_c50 | — | — |
| autel | maxicharger_ac_elite_business_c50_firmware | — | — |
Detection & IOCs (extracted from sources)
- Target the DLB_HostHeartBeat handler: look for JSON RPC payloads over the DLB protocol containing an oversized hex-encoded AES key field sent to network-adjacent Autel MaxiCharger AC Elite Business C50 devices.
- Detect exploitation attempts by monitoring JSON RPC payloads on the DLB protocol where the hex-encoded AES-128 key field exceeds 32 characters (the valid length of a hex-encoded 16-byte AES-128 key); any hex string longer than 32 characters in this field is anomalous and indicative of a buffer overflow attempt.
- Flag DLB inter-charger communications where the hex-encoded key length is >= 0x21 (33) or equals 0, as the patch specifically rejects these values; traffic with hex_encoded_key_len >= 33 in the JSON RPC AES key parameter should be treated as a potential exploit attempt.
- Identify vulnerable firmware versions: Autel MaxiCharger firmware v1.32 is confirmed vulnerable; v1.35 contains the patch. Devices running firmware below v1.35 should be flagged for immediate patching.
- No authentication is required to trigger this vulnerability; any unauthenticated network-adjacent host sending a crafted DLB JSON RPC message with an oversized hex AES key should be treated as an exploitation attempt.
- The vulnerability is exploitable only from the network-adjacent segment (not remotely over the internet); the attacker must be on the same local network as the charger to send DLB protocol messages.
- The DLB protocol carries the vulnerable JSON RPC payload as part of the initial inter-charger communication for Dynamic Load Balancing; detection logic should focus on this specific protocol context rather than on general JSON traffic.
- The hex_decode() function does accept a length parameter, but that length is never validated against the fixed 16-byte output buffer, so detection should not rely on the presence of a length field as a safety indicator.
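The following is an added example, not Autel firmware or ZDI code. It models both the flaw described above (a hex-encoded key decoded through a length-taking hex_decode() into a fixed 16-byte stack buffer, with the length never checked against that buffer) and the detection rule from the list above (flag a DLB heartbeat whose hex key field is 33+ characters or empty, the same bounds the v1.35 patch is reported to enforce). The JSON field name "aes_key", the message layout and the sample messages are assumptions invented for the example; the page does not describe the real DLB message format.

```c
/* Added example (not Autel/ZDI code). Field name "aes_key" and message
 * layout are assumed; sample messages below are constructed, not captures. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define AES128_KEY_LEN 16
#define MAX_HEX_KEY_LEN (AES128_KEY_LEN * 2)   /* 32 hex characters */

static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decoder in the shape the advisory describes: it takes a length but trusts
 * it, writing hex_len/2 bytes to out whatever out's real size is. */
static int hex_decode_raw(const char *hex, size_t hex_len, uint8_t *out) {
    for (size_t i = 0; i + 1 < hex_len; i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Vulnerable shape: fixed 16-byte stack buffer, attacker-controlled length
 * passed straight through. Only ever called here with in-bounds input; any
 * hex_len > 32 would write past key[] on the stack. */
int parse_aes_key_vulnerable(const char *hex, size_t hex_len, uint8_t out[AES128_KEY_LEN]) {
    uint8_t key[AES128_KEY_LEN];
    if (hex_decode_raw(hex, hex_len, key) != 0) return -1;   /* no length check */
    memcpy(out, key, AES128_KEY_LEN);
    return 0;
}

/* How many bytes the unchecked path would write past the 16-byte buffer for
 * a given hex length. Computed rather than performed, so the example never
 * corrupts its own stack. */
size_t unchecked_overrun_bytes(size_t hex_len) {
    size_t decoded = hex_len / 2;
    return decoded > AES128_KEY_LEN ? decoded - AES128_KEY_LEN : 0;
}

/* Bound the v1.35 patch is reported to add: reject len >= 0x21 or len == 0. */
int dlb_key_len_ok(size_t hex_len) {
    return (hex_len >= 0x21 || hex_len == 0) ? 0 : 1;
}

/* Hardened parse: same 16-byte buffer, but the length is validated first and
 * required to be exactly one AES-128 key. */
int parse_aes_key_hardened(const char *hex, size_t hex_len, uint8_t out[AES128_KEY_LEN]) {
    if (!dlb_key_len_ok(hex_len) || hex_len != MAX_HEX_KEY_LEN) return -1;
    uint8_t key[AES128_KEY_LEN];
    if (hex_decode_raw(hex, hex_len, key) != 0) return -1;
    memcpy(out, key, AES128_KEY_LEN);
    return 0;
}

/* Detection side: classify a DLB JSON RPC message by its hex key field.
 * Minimal string scan, not a JSON parser. */
enum dlb_verdict { DLB_NO_KEY_FIELD = 0, DLB_BENIGN = 1, DLB_SUSPECT = 2 };

enum dlb_verdict classify_dlb_message(const char *msg, size_t *key_len_out) {
    const char *p = strstr(msg, "\"aes_key\"");          /* assumed field name */
    if (!p || !(p = strchr(p + 9, ':')) || !(p = strchr(p, '"'))) return DLB_NO_KEY_FIELD;
    const char *start = p + 1, *end = strchr(start, '"');
    if (!end) return DLB_SUSPECT;                         /* unterminated: malformed */
    size_t len = (size_t)(end - start);
    if (key_len_out) *key_len_out = len;
    for (const char *q = start; q < end; q++)
        if (hex_nibble(*q) < 0) return DLB_SUSPECT;       /* non-hex in key field */
    return dlb_key_len_ok(len) ? DLB_BENIGN : DLB_SUSPECT;
}

/* Builds a constructed heartbeat whose hex key is hex_len 'a' characters. */
int build_dlb_heartbeat(char *dst, size_t cap, size_t hex_len) {
    const char *head = "{\"jsonrpc\":\"2.0\",\"method\":\"DLB_HostHeartBeat\",\"params\":{\"aes_key\":\"";
    const char *tail = "\"}}";
    size_t n = strlen(head);
    if (n + hex_len + strlen(tail) + 1 > cap) return -1;
    memcpy(dst, head, n);
    memset(dst + n, 'a', hex_len);
    memcpy(dst + n + hex_len, tail, strlen(tail) + 1);
    return 0;
}

int main(void) {
    char msg[1024];
    size_t lens[] = {32, 33, 0, 400};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t l = 0;
        build_dlb_heartbeat(msg, sizeof msg, lens[i]);
        enum dlb_verdict v = classify_dlb_message(msg, &l);
        printf("hex key len %3zu -> %s (unchecked decode would overrun by %zu bytes)\n",
               l, v == DLB_BENIGN ? "benign" : "SUSPECT", unchecked_overrun_bytes(lens[i]));
    }
    return 0;
}
```

The detector applies the patch's own bounds (1 to 32 hex characters) rather than only ">32", so an empty key field, which the patch also rejects, is flagged as well; the hardened parser is stricter still and accepts exactly 32 characters, since anything else cannot be one AES-128 key.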
No detection rules found.
No public exploits indexed.
Source: Trend Micro (blogs_trendmicro) · 2024-10-03 · CVSS 8.0 · [HIGH]
From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities
Learn about Autel Maxicharger vulnerabilities that were covered at Pwn2Own Automotive.
By: Zero Day Initiative, 2024/10/03
This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included.
Autel has been informed and has deployed a firmware update (v1.35) to address both of these issues. If you want to read about other Autel bugs reported at Pwn2Own, you can check out our earlier blog here.
The First Vulnerability: CVE-2024-23967 (ZDI-CAN-23230)
Researchers from Computest Sector 7 identified and exploited a stack-based buffer overflow in v1.32 of the Autel firmware. This vulnerabilit