HIGH🇬🇧 English

CVE-2024-23920

CVSS 8.8v3.1pub. 2025-01-31upd. 2025-07-01

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chargepoint Home Flex Hardwired

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Hardwired Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-23921HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23968HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23969HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23971HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23970MEDIUM6.5ten sam produkt

This vulnerability allows network-adjacent attackers to compromise transport security on affected installation...

CVE-2024-23920 — HIGH 8.8 | CVEbaza.pl