Felix Buchmann

Name of the Vulnerable Software and Affected Versions: Affected versions not specified Description: An unauthenticated remote attacker can alter the device configuration to achieve remote code execution as root with specific configurations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Autel MaxiCharger AC Wallbox Commercial autocharge (affected versions not specified) **Description** The issue is a stack-based buffer overflow that allows for remote code execution. It was discovered by Tobias Scharnowski, Felix Buchmann, and Kristian Covic. The vulnerability was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WOLFBOX Level 2 EV Charger (affected versions not specified) **Description** This issue allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. The flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications, resulting from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this to bypass authentication on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChargePoint Home Flex (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `SrvrToSmSetAutoChnlListMsg` function, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ChargePoint Home Flex (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `wlanchnllst` function, resulting from the lack of proper validation of user-supplied data, which can cause a write past the end of an allocated buffer. An attacker can leverage this to execute code in the context of root. **Recommendations** As a temporary workaround, consider disabling the `wlanchnllst` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX5500 (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this issue to execute code in the context of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX5500 (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue. The specific flaw exists within the handling of software updates, resulting from the lack of proper validation of software update packages. An attacker can leverage this issue to execute code in the context of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact CHARX SEC-3100 (affected versions not specified) **Description** An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluetooth HCI (affected versions not specified) **Description** The issue is related to inconsistent handling of error cases in Bluetooth HCI, which may lead to a double free condition of a network buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.