Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.5 views

PT-2025-31673 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex version 5.5.4.13 Description: The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user. Recommendations: At the moment, there is no information...

7.8CVSS6.4AI score0.00186EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.4 views

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

7.4AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 12:0 a.m.15 views

CVE-2025-54564

The CVE-2025-54564 entry affects ChargePoint Home Flex 5.5.4.13. It stems from the uploadsm component failing to validate a user-controlled string during bz2 decompression, enabling command execution as the nobody user. According to the initial data, this is a local vulnerability with a CVSS 3.1 ...

7.8CVSS7.4AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.5 views

ChargePoint Home Flex 安全漏洞

ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. A security vulnerability exists in ChargePoint Home Flex version 5.5.4.13, which originates from an unauthenticated user-controlled bz2 decompression string that could lead to command execution...

7.8CVSS7.1AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/01 12:0 a.m.12 views

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:43 a.m.6 views

CVE-2024-23970

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPTSSLVERIFYHOST setting. The issue...

6.5CVSS6.8AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.8 views

CVE-2024-23968

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue...

8.8CVSS7.2AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.8 views

CVE-2024-23921

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...

8.8CVSS7.1AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.8 views

CVE-2024-23920

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...

8.8CVSS7.2AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.8 views

CVE-2024-23969

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the...

8.8CVSS7.2AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.14 views

CVE-2024-23971

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from...

8.8CVSS7.1AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 1:15 a.m.13 views

CVE-2024-23920

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...

8.8CVSS0.00493EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 1:15 a.m.24 views

CVE-2024-23921

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...

8.8CVSS0.00492EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 12:17 a.m.664 views

CVE-2024-23921

CVE-2024-23921 concerns the ChargePoint Home Flex wlanapp module. The vulnerability arises from insufficient validation of a user-supplied string used to construct a system call, enabling network-adjacent attackers to execute arbitrary code with root privileges. The flaw is exploitable without au...

8.8CVSS6.8AI score0.00492EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/31 12:17 a.m.28 views

CVE-2024-23921 ChargePoint Home Flex Command Injection

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...

8.8CVSS0.00492EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 12:17 a.m.9 views

CVE-2024-23921 ChargePoint Home Flex Command Injection

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of...

8.8CVSS8.8AI score0.00492EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 12:15 a.m.10 views

CVE-2024-23920 ChargePoint Home Flex Improper Access Control

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...

8.8CVSS8.9AI score0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/31 12:15 a.m.15 views

CVE-2024-23920 ChargePoint Home Flex Improper Access Control

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper...

8.8CVSS0.00493EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 12:15 a.m.89 views

CVE-2024-23920

ChargePoint Home Flex devices contain a vulnerability in the onboardee module caused by improper access control. The issue enables network-adjacent attackers to execute arbitrary code with root privileges, without authentication. Multiple sources acknowledge the flaw and its impact, including ZDI...

8.8CVSS6.9AI score0.00493EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/31 12:15 a.m.28 views

CVE-2024-23968

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue...

8.8CVSS0.0047EPSS
Exploits0References1
Rows per page
Query Builder