Name of the Vulnerable Software and Affected Versions:

Tesla Wall Connector versions 24.44.1

Tesla Wall Connector version 24.44.3

Description:

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Wall Connector devices without authentication. The issue stems from improper validation of the HTTP `Content-Length` header, leading to potential memory access beyond allocated buffer boundaries. An attacker can exploit this to execute code within the device's context.

Recommendations:

Tesla Wall Connector version 24.44.1: Update to version 24.44.3 or later to resolve this issue.