MEDIUM🇵🇱 Wersja polska

CVE-2024-23970

CVSS 6.5v3.1pub. 2025-01-31upd. 2025-09-30

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Chargepoint Home Flex Hardwired

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Hardwired Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 14 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug

    HW
    Chargepoint
    wszystkie wersje
  • Chargepoint Home Flex Nema 6 50 Plug Firmware

    OS
    Chargepoint
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-23920HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23921HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23968HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23969HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...

CVE-2024-23971HIGH8.8ten sam produkt

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ch...