CVE-2024-7392

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 3, 2024
CWE ID 410

Summary

CVE-2024-7392 is a denial-of-service vulnerability affecting ChargePoint Home Flex charging devices with Bluetooth Low Energy interfaces. Network-adjacent attackers can exploit this flaw without authentication, leading to a disruption of service. The root cause is the limited number of active connections to the product, enabling an attacker to overload the system and cause a denial-of-service condition. This vulnerability, originally identified as ZDI-CAN-21455, was reported to ChargePoint and the Zero Day Initiative.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share