CVE-2024-23959
📋 TL;DR
This vulnerability allows attackers on the same network to execute arbitrary code on Autel MaxiCharger AC Elite Business C50 charging stations by exploiting a stack-based buffer overflow in the BLE AppChargingControl command. Although authentication is required, the authentication mechanism can be bypassed. This affects organizations using these specific charging stations.
💻 Affected Systems
- Autel MaxiCharger AC Elite Business C50
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging station allowing attackers to disrupt charging operations, manipulate billing data, or use the device as a foothold into connected networks.
Likely Case
Attackers gaining control of charging stations to disrupt operations, potentially causing service outages or manipulating charging parameters.
If Mitigated
Limited impact with proper network segmentation and monitoring, though the vulnerability remains present.
🎯 Exploit Status
Authentication bypass required but possible according to advisory; requires BLE access and knowledge of the protocol
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available references
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-851/
Restart Required: Yes
Instructions:
1. Contact Autel support for firmware update
2. Download latest firmware from Autel portal
3. Apply firmware update following manufacturer instructions
4. Restart charging station
🔧 Temporary Workarounds
Network Segmentation
Isolate charging stations on separate VLANs with strict firewall rules
BLE Access Control
Restrict BLE access to authorized devices only using MAC filtering or similar controls
🧯 If You Can't Patch
- Segment charging station network from critical infrastructure
- Implement strict network monitoring for unusual BLE traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check firmware version against vendor advisory; test with ZDI-24-851 proof-of-concept if available
Check Version:
Check via Autel management interface or device display (specific command not documented)
Verify Fix Applied:
Verify firmware version matches patched version from vendor; test that BLE AppChargingControl command no longer causes buffer overflow
📡 Detection & Monitoring
Log Indicators:
- Unusual BLE connection attempts
- Multiple failed authentication attempts followed by AppChargingControl commands
- Device restart events
Network Indicators:
- Unusual BLE traffic patterns to charging stations
- Multiple connection attempts from single source
SIEM Query:
source="charging_station" AND (event="authentication_failure" OR command="AppChargingControl")
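
The query above matches either event on its own, while the log indicator listed earlier is a sequence: repeated authentication failures, then an AppChargingControl command from the same source. The following is an added example, not code from the advisory or from Autel, that correlates that sequence per BLE peer. The `event` and `command` fields follow the query; the `ts` and `peer` fields, the `device_restart` event name, the thresholds and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. "event" and "command" follow the SIEM query
# above; "ts", "peer" (BLE peer address) and "device_restart" are assumed.
SAMPLE_EVENTS = [
    {"ts": "2024-07-01T10:00:00", "peer": "AA:BB:CC:00:00:01", "event": "authentication_failure"},
    {"ts": "2024-07-01T10:00:20", "peer": "AA:BB:CC:00:00:01", "event": "authentication_failure"},
    {"ts": "2024-07-01T10:00:40", "peer": "AA:BB:CC:00:00:01", "event": "authentication_failure"},
    {"ts": "2024-07-01T10:01:00", "peer": "AA:BB:CC:00:00:01", "command": "AppChargingControl"},
    {"ts": "2024-07-01T10:01:05", "event": "device_restart"},
    # One failed attempt followed by a normal command: below the threshold.
    {"ts": "2024-07-01T11:00:00", "peer": "AA:BB:CC:00:00:02", "event": "authentication_failure"},
    {"ts": "2024-07-01T11:00:30", "peer": "AA:BB:CC:00:00:02", "command": "AppChargingControl"},
    # Failures that aged out of the window before the command arrived.
    {"ts": "2024-07-01T12:00:00", "peer": "AA:BB:CC:00:00:03", "event": "authentication_failure"},
    {"ts": "2024-07-01T12:00:10", "peer": "AA:BB:CC:00:00:03", "event": "authentication_failure"},
    {"ts": "2024-07-01T12:00:20", "peer": "AA:BB:CC:00:00:03", "event": "authentication_failure"},
    {"ts": "2024-07-01T12:30:00", "peer": "AA:BB:CC:00:00:03", "command": "AppChargingControl"},
]

def find_suspicious_sequences(events, min_failures=3, window=timedelta(minutes=5)):
    """Alert when one peer sends AppChargingControl after at least
    min_failures authentication failures inside the time window."""
    failures = defaultdict(deque)  # peer -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev.get("event") == "device_restart":
            # A restart soon after a flagged command raises the priority.
            if alerts and ts - alerts[-1]["when"] <= window:
                alerts[-1]["restart_followed"] = True
            continue
        recent = failures[ev["peer"]]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures older than the window
        if ev.get("event") == "authentication_failure":
            recent.append(ts)
        elif ev.get("command") == "AppChargingControl" and len(recent) >= min_failures:
            alerts.append({"peer": ev["peer"], "when": ts,
                           "failures": len(recent), "restart_followed": False})
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_sequences(SAMPLE_EVENTS):
        print(alert)
```

Tune `min_failures` and `window` to the station's normal pairing behaviour; an alert with `restart_followed` set combines all three log indicators and should be triaged first.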