CVE-2024-7391

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 3, 2024
CWE ID 200

Summary

CVE-2024-7391 is a vulnerability affecting ChargePoint Home Flex charging devices. This issue enables network-adjacent attackers to disclose sensitive information during the device's Bluetooth Low Energy setup process. By connecting to the charging station, adversaries can obtain Wi-Fi credentials, potentially granting them access to the device owner's network. This vulnerability, identified as ZDI-CAN-21454, requires user interaction to be exploited.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share