The first vulnerability involved a Bluetooth function that did not limit the client message length, enabling remote code execution through a buffer overflow.
Synacktiv's research revealed critical flaws in the Autel Maxicharger firmware, which were addressed promptly with a firmware update to enhance security.
Reverse engineering revealed that v1.32 left the buffer length unchecked, while v1.35 successfully implemented a length restriction to prevent potential exploits.
Both vulnerabilities were patched in Autel's firmware v1.35, demonstrating their commitment to resolving identified security issues before public disclosure.