
From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities

ID: fc1d5bbe-029a-53f1-9fdc-bb353b0427ca

STIX ID: report--fc1d5bbe-029a-53f1-9fdc-bb353b0427ca

Feed Name: Zero Day Initiative (ZDI) Blog

Threat Score
65/100

Date Published: 2024-10-03

Date Updated: 2026-05-01

Author: Connor Ford

...
...

This report describes two firmware vulnerabilities in Autel EV charger software: an unsafe base64_decode implementation that never checks the size of its output buffer, and a stack buffer overflow (CVE-2024-23957) in the Dynamic Load Balancing protocol, triggered when an oversized hex-encoded AES key is decoded into a fixed-size stack buffer. Both are memory-corruption bugs that an attacker could potentially exploit; the report recommends fixing the decoding routines at the API level (passing, and honouring, an output-buffer length) or replacing them with the equivalent Mbed TLS functions.
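The bug class in both findings is the same: a decoder whose output length is derived from the attacker-controlled input rather than from the caller's buffer. The following C example is added here to illustrate that pattern and its fix; it is not the Autel firmware code, the ZDI proof of concept, or any Autel API. The 16-byte key size, the function names and the constructed hex inputs are assumptions. The hardened decoder deliberately uses the same (dst, dlen, olen, src, slen) contract as Mbed TLS's mbedtls_base64_decode, which refuses to write when dlen is too small and reports the required size in olen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model, not Autel's code: a fixed-size AES key buffer filled
 * from a hex string that arrives in a protocol message. Key length assumed. */
#define AES_KEY_LEN 16

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Unsafe pattern: output length comes from the input alone, so a 64-character
 * string writes 32 bytes into 'out' no matter how large 'out' really is. */
static int hex_decode_unchecked(uint8_t *out, const char *hex)
{
    size_t n = strlen(hex);
    if (n % 2 != 0) return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Hardened: same (dst, dlen, olen, src, slen) shape as mbedtls_base64_decode.
 * Returns 0 on success, -1 on malformed input, -2 when dlen is too small; in
 * that last case *olen holds the required size and nothing is written. */
static int hex_decode_checked(uint8_t *dst, size_t dlen, size_t *olen,
                              const char *src, size_t slen)
{
    if (slen % 2 != 0) return -1;
    *olen = slen / 2;
    if (*olen > dlen) return -2;
    for (size_t i = 0; i < slen; i += 2) {
        int hi = hex_nibble(src[i]), lo = hex_nibble(src[i + 1]);
        if (hi < 0 || lo < 0) { *olen = 0; return -1; }
        dst[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Message handler done the safe way: the key still lives on the stack, but the
 * decoder is told its capacity and the result must be exactly AES_KEY_LEN. */
static int set_aes_key_checked(const char *hex_key, uint8_t key_out[AES_KEY_LEN])
{
    uint8_t key[AES_KEY_LEN];
    size_t olen = 0;
    int rc = hex_decode_checked(key, sizeof key, &olen, hex_key, strlen(hex_key));
    if (rc != 0) return rc;
    if (olen != AES_KEY_LEN) return -3;   /* short key is a protocol error too */
    memcpy(key_out, key, AES_KEY_LEN);
    return 0;
}

/* Convenience wrappers so the outcome of the checked path is easy to inspect. */
static int checked_key_rc(const char *hex_key)
{
    uint8_t key[AES_KEY_LEN];
    return set_aes_key_checked(hex_key, key);
}

static int checked_key_byte(const char *hex_key, size_t idx)
{
    uint8_t key[AES_KEY_LEN];
    if (idx >= AES_KEY_LEN || set_aes_key_checked(hex_key, key) != 0) return -1;
    return key[idx];
}

/* Bytes the unchecked decoder emits for this input, decoded into a scratch
 * buffer big enough that the demonstration itself stays in bounds. */
static int unchecked_bytes_written(const char *hex_key)
{
    uint8_t scratch[256];
    if (strlen(hex_key) / 2 > sizeof scratch) return -1;
    return hex_decode_unchecked(scratch, hex_key);
}

/* Constructed inputs: a valid 128-bit key and an oversized 256-bit one. */
static const char VALID_KEY_HEX[]     = "000102030405060708090a0b0c0d0e0f";
static const char OVERSIZED_KEY_HEX[] =
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";

int main(void)
{
    printf("unchecked decoder writes %d bytes into a %d-byte key buffer\n",
           unchecked_bytes_written(OVERSIZED_KEY_HEX), AES_KEY_LEN);
    printf("checked handler, oversized key: rc=%d\n", checked_key_rc(OVERSIZED_KEY_HEX));
    printf("checked handler, valid key: rc=%d, key[15]=0x%02x\n",
           checked_key_rc(VALID_KEY_HEX), checked_key_byte(VALID_KEY_HEX, 15));
    return 0;
}
```

The practitioner's check when reviewing a decoder like this is simple: if the function signature has no output-length parameter (or takes one and ignores it), any caller with a fixed-size destination is a candidate overflow, and the fix is to pass the capacity in and fail closed when the decoded length exceeds it, as the Mbed TLS routines already do.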
