A critical remote code execution vulnerability has been discovered in multiple Tesla products, specifically affecting the Wall Connector. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted network request to a vulnerable device, allowing them to take full control. Successful exploitation could lead to service disruption of charging equipment and potentially provide a foothold for attackers to move deeper into the connected network.

The vulnerability exists within the web server component of the Tesla Wall Connector firmware. The software fails to properly validate the Content-Length header in incoming HTTP requests. An attacker can send a request with a maliciously crafted Content-Length value that causes a buffer overflow, allowing them to overwrite adjacent memory. By supplying a carefully constructed payload, the attacker can execute arbitrary code on the device with the privileges of the web server process, leading to a full system compromise.

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to organizations. A successful exploit allows an attacker to gain complete control over the charging infrastructure, which could lead to operational disruption, denial of service for vehicle charging, and potential manipulation of the device's functions. Furthermore, a compromised Wall Connector connected to a corporate or home network could be used as a pivot point to launch further attacks against other internal systems, posing a serious data breach and network security risk. This could result in reputational damage, financial loss, and safety concerns.

Immediate Action: Organizations must prioritize the application of security patches provided by Tesla to all affected Wall Connectors, with an immediate focus on any systems that are internet-facing. After patching, review system and web server access logs for any anomalous requests, particularly those with malformed or unusually large Content-Length values, that may indicate past or ongoing exploitation attempts.

Proactive Monitoring: Implement continuous monitoring of network traffic to and from the Wall Connectors. Configure Intrusion Detection/Prevention Systems (IDS/IPS) to alert on and potentially block HTTP requests containing suspicious Content-Length headers. Monitor for any unusual outbound connections originating from the Wall Connectors, as this could be a sign of a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate the Wall Connectors from critical internal networks, limiting the potential impact of a compromise. Deploy a Web Application Firewall (WAF) or a reverse proxy to inspect and sanitize incoming HTTP traffic, specifically to normalize or reject requests with invalid Content-Length headers before they reach the vulnerable device.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the risk of remote code execution, this vulnerability requires immediate attention. Although it is not yet listed in the CISA KEV catalog, its severity warrants a proactive and urgent response. We strongly recommend that all organizations using the affected Tesla products apply the vendor-supplied patches immediately to mitigate this risk. If patching is delayed, the compensating controls outlined above should be implemented as a critical temporary measure to reduce the attack surface.