CVE-2024-23920

High CVSS: 8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root.

Vendor

Chargepoint

Product

Home Flex Nema 14-50 Plug Firmware

CWE

CWE-284

Yayın Tarihi

2025-01-31 01:15:09

Güncelleme

2025-07-01 14:15:31

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-284 Home Flex Nema 14-50 Plug Firmware HIGH Chargepoint 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-24-1048/

Benzer Kayıtlar

High

CVE-2024-23921

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint…

High

CVE-2024-23968

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint…

High

CVE-2024-23969

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint…

Medium

CVE-2024-23970

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of Charg…

High

CVE-2024-23971

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint…