MEDIUM🇬🇧 English

CVE-2024-7391

CVSS 5.7v3.1pub. 2024-11-22upd. 2024-12-03

ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this vulnerability to disclose credentials and gain access to the device owner's Wi-Fi network. Was ZDI-CAN-21454.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Chargepoint Home Flex

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Firmware

    OS
    Chargepoint
    5.5.3.13
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-7392MEDIUM6.5ten sam produkt

ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-...

CVE-2026-4156HIGH7.5ten sam vendor

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulne...

CVE-2026-4157HIGH7.5ten sam vendor

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability...

CVE-2026-4155HIGH7.5ten sam vendor

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. ...

CVE-2024-23968HIGH8.8ten sam vendor

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...