HIGH🇬🇧 English

CVE-2024-23969

CVSS 8.8v3.1pub. 2025-01-31upd. 2025-09-30

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chargepoint Home Flex Hardwired

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Hardwired Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-23920HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23921HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23968HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23971HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23970MEDIUM6.5ten sam produkt

This vulnerability allows network-adjacent attackers to compromise transport security on affected installation...

CVE-2024-23969 — HIGH 8.8 | CVEbaza.pl