CVE Details
Basic Information
| Title | Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability |
|---|---|
| Type | cve |
| Published | 2025-06-25T18:02:09.371Z |
| Last Seen | |
Product Information
| Vendor | Autel |
|---|---|
| Product | Autel MaxiCharger AC Wallbox Commercial |
| Version | 1.36.00 |
CVSS Information
| Base Score | 0.0 |
|---|---|
| Attack Vector | |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A vulnerability in the Pile API of Autel MaxiCharger AC Wallbox Commercial allows remote attackers to disclose sensitive information without authentication. This could lead to credential exposure and further system compromise. |
|---|---|
| AI Severity | High |
| Vendor | Autel |
| Product | Autel MaxiCharger AC Wallbox Commercial |
| Affected Version | 1.36.00 |
Affected Products
- Autel Autel MaxiCharger AC Wallbox Commercial 1.36.00
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-306 |
| Bulletin Family | |
Description
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Pile API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26352.