CVE-2024-23920
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 31, 2025
CWE ID 94
Summary
CVE-2024-23920 is a new vulnerability affecting ChargePoint Home Flex charging stations. This issue allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. The root cause of this vulnerability lies in the onboardee module, where improper access control enables attackers to exploit the flaw and run code with root privileges. This vulnerability poses a significant risk to the security of ChargePoint Home Flex charging stations and requires immediate attention from users and administrators.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share