Wednesday, April 23, 2025

Researchers Hacked Car EV Chargers To Execute Arbitrary Code


Researchers discovered flaws in the Autel MaxiCharger EV charger that make it possible to execute arbitrary code on the device simply from within Bluetooth range.

The vulnerabilities tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967 were identified during Pwn2Own Automotive 2024 in Tokyo.

The Autel MaxiCharger has by far the most extensive hardware feature set, including the option for consumers to choose which Open Charge Point Protocol (OCPP) URL the charger connects to.


Users can even configure a charger to function as a public charger, which entitles the owner to reimbursement for energy used and allows the charger to take any kind of RFID charging card.


Vulnerabilities Identified

Bluetooth Low Energy (BLE) Authentication (CVE-2024-23958)

The vulnerability, which has a CVSS base score of 6.5, enables network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations.

Exploiting this vulnerability does not require authentication.

The issue stems from the BLE AppAuthenRequest command handler. If the handler receives an unsuccessful authentication request, it will fall back on hardcoded credentials.

This vulnerability allows an attacker to bypass the system’s authentication process.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024.

Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23959)

With a CVSS base score of 8.0, this vulnerability allows network-adjacent attackers to run arbitrary code on vulnerable Autel MaxiCharger AC Elite Business C50 charging stations.

Exploiting this vulnerability requires authentication, but the existing authentication mechanism can be bypassed.

The specific flaw lies in the handling of the AppChargingControl BLE command.

The problem arises from the user-supplied data not being properly validated for length before being copied to a fixed-length stack-based buffer.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024.

Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23967)

This vulnerability, which has a CVSS base score of 8.0, enables remote attackers to run arbitrary code on affected Autel MaxiCharger AC Elite Business C50 charger installations.

The vulnerability specifically relates to how base64-encoded data is handled in WebSocket communications.

The problem arises from the user-supplied data not being properly validated for length before being copied to a fixed-length stack-based buffer.

This vulnerability can be used by an attacker to run code within the context of the device.

The issue was reported by Daan Keuper, Thijs Alkemade, and Khaled Nassar of Computest Sector 7.
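The missing check described for both overflow bugs, length validation before a copy into a fixed-length stack buffer, looks like this for the base64 case. This is an added example, not Autel's firmware code or anything from the advisories; the buffer size `MSG_BUF_LEN` and the names `b64_decode_bounded` and `handle_ws_payload` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MSG_BUF_LEN 64 /* assumed size; the page does not give the real one */

/* Map one base64 character to its 6-bit value, or -1 if it is not valid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode padded base64 into out[0..out_cap). Returns the decoded length,
 * or -1 for malformed input or input that would not fit. The size is
 * derived from the input and checked before any byte is written. */
long b64_decode_bounded(const char *in, size_t in_len,
                        uint8_t *out, size_t out_cap) {
    if (in_len % 4 != 0) return -1;
    if (in_len == 0) return 0;
    size_t pad = 0;
    if (in[in_len - 1] == '=') pad = (in[in_len - 2] == '=') ? 2 : 1;
    size_t need = in_len / 4 * 3 - pad;
    if (need > out_cap) return -1; /* reject oversized input, never truncate */
    size_t o = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        uint32_t word = 0;
        for (size_t k = i; k < i + 4; k++) {
            int v = (k >= in_len - pad) ? 0 : b64_val((unsigned char)in[k]);
            if (v < 0) return -1; /* '=' or junk outside the padding */
            word = (word << 6) | (uint32_t)v;
        }
        if (o < need) out[o++] = (uint8_t)(word >> 16);
        if (o < need) out[o++] = (uint8_t)(word >> 8);
        if (o < need) out[o++] = (uint8_t)word;
    }
    return (long)o;
}

/* Hypothetical handler: the stack buffer's real capacity bounds the decode. */
int handle_ws_payload(const char *b64, size_t b64_len) {
    uint8_t buf[MSG_BUF_LEN];
    long n = b64_decode_bounded(b64, b64_len, buf, sizeof buf);
    if (n < 0) return -1; /* drop the message instead of copying it */
    /* ... hand buf[0..n) to the command parser here ... */
    return (int)n;
}
```

Passing `sizeof buf` from the call site keeps the limit tied to the actual buffer, so a later change to the buffer size cannot silently desynchronize the check.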

Patch Released

Version 1.35.00 fixes the vulnerabilities. According to the ZDI advisory, bounds checks were added to prevent buffer overflows, and the backdoor authentication token has been removed.

These issues underscore the importance of strictly adhering to industry standards and practicing secure coding, among other recommended practices.


Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
