CVE-2025-8320
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-08-12
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tesla | wall_connector_firmware | to 24.44.3 (exc) |
| tesla | wall_connector | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote code execution flaw in Tesla Wall Connector devices caused by improper input validation of the HTTP Content-Length header. The device does not correctly validate the Content-Length value supplied by a user, which can lead to memory access beyond the allocated buffer. This allows an attacker on a network adjacent to the device to execute arbitrary code without needing authentication. [1]
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary code on the affected Tesla Wall Connector device, potentially leading to full compromise of the device's confidentiality, integrity, and availability. This means the attacker could control the device, disrupt its operation, or access sensitive information without any authentication. [1]