CVE-2024-23920

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 31, 2025
CWE ID 94

Summary

CVE-2024-23920 is a new vulnerability affecting ChargePoint Home Flex charging stations. This issue allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. The root cause of this vulnerability lies in the onboardee module, where improper access control enables attackers to exploit the flaw and run code with root privileges. This vulnerability poses a significant risk to the security of ChargePoint Home Flex charging stations and requires immediate attention from users and administrators.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share