110 matches found
PT-2025-31673 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex version 5.5.4.13 Description: The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user. Recommendations: At the moment, there is no information...
CVE-2025-54564
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...
CVE-2025-54564
The CVE-2025-54564 entry affects ChargePoint Home Flex 5.5.4.13. It stems from the uploadsm component failing to validate a user-controlled string during bz2 decompression, enabling command execution as the nobody user. According to the initial data, this is a local vulnerability with a CVSS 3.1 ...
ChargePoint Home Flex 安全漏洞
ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. A security vulnerability exists in ChargePoint Home Flex version 5.5.4.13, which originates from an unauthenticated user-controlled bz2 decompression string that could lead to command execution...
CVE-2025-54564
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...
CVE-2024-23970
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPTSSLVERIFYHOST setting. The issue...
CVE-2024-23968
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue...
CVE-2024-23921
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...
CVE-2024-23920
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...
CVE-2024-23969
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the...
CVE-2024-23971
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from...
CVE-2024-23920
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...
CVE-2024-23921
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...
CVE-2024-23921
CVE-2024-23921 concerns the ChargePoint Home Flex wlanapp module. The vulnerability arises from insufficient validation of a user-supplied string used to construct a system call, enabling network-adjacent attackers to execute arbitrary code with root privileges. The flaw is exploitable without au...
CVE-2024-23921 ChargePoint Home Flex Command Injection
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...
CVE-2024-23921 ChargePoint Home Flex Command Injection
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...
CVE-2024-23920 ChargePoint Home Flex Improper Access Control
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...
CVE-2024-23920 ChargePoint Home Flex Improper Access Control
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...
CVE-2024-23920
ChargePoint Home Flex devices contain a vulnerability in the onboardee module caused by improper access control. The issue enables network-adjacent attackers to execute arbitrary code with root privileges, without authentication. Multiple sources acknowledge the flaw and its impact, including ZDI...
CVE-2024-23968
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue...