CVE-2025-6678
BaseFortify

Publication date: 2025-06-25

Last updated on: 2025-09-10

Assigner: Zero Day Initiative

Description
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Pile API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26352.
Meta Information
Published: 2025-06-25
Last Modified: 2025-09-10
Generated: 2026-05-07
AI Q&A: 2025-06-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 27 associated CPEs
Vendor Product Version / Range
autel maxicharger_ac_elite_business_c50_firmware to 1.39.51 (exc)
autel maxicharger_ac_elite_business_c50_firmware to 1.56.51 (exc)
autel maxicharger_ac_elite_business_c50 *
autel maxicharger_ac_pro_firmware to 1.39.51 (exc)
autel maxicharger_ac_pro_firmware to 1.56.51 (exc)
autel maxicharger_ac_pro *
autel maxicharger_ac_ultra_firmware to 1.39.51 (exc)
autel maxicharger_ac_ultra_firmware to 1.56.51 (exc)
autel maxicharger_ac_ultra *
autel maxicharger_dc_compact_mobile_firmware to 1.39.51 (exc)
autel maxicharger_dc_compact_mobile_firmware to 1.56.51 (exc)
autel maxicharger_dc_compact_mobile *
autel maxicharger_dc_compact_pedestal_firmware to 1.39.51 (exc)
autel maxicharger_dc_compact_pedestal_firmware to 1.56.51 (exc)
autel maxicharger_dc_compact_pedestal *
autel maxicharger_dc_fast_firmware to 1.39.51 (exc)
autel maxicharger_dc_fast_firmware to 1.56.51 (exc)
autel maxicharger_dc_fast *
autel maxicharger_dc_hipower_firmware to 1.39.51 (exc)
autel maxicharger_dc_hipower_firmware to 1.56.51 (exc)
autel maxicharger_dc_hipower *
autel maxicharger_dh480_firmware to 1.39.51 (exc)
autel maxicharger_dh480_firmware to 1.56.51 (exc)
autel maxicharger_dh480 *
autel maxicharger_single_charger_firmware to 1.39.51 (exc)
autel maxicharger_single_charger_firmware to 1.56.51 (exc)
autel maxicharger_single_charger *
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Autel MaxiCharger AC Wallbox Commercial charging stations, specifically in the Pile API. It is caused by missing authentication controls, allowing remote attackers to access sensitive information without needing to authenticate. Attackers can exploit this flaw remotely with low complexity and no user interaction, leading to disclosure of credentials and potential further compromise of the system. [1]


How can this vulnerability impact me?

The vulnerability can impact you by allowing remote attackers to disclose sensitive information, including credentials, without any authentication. This can lead to unauthorized access and further compromise of the affected charging stations, potentially exposing confidential data and undermining system security. [1]

