Approved changes feed: RSS · Atom
cpe:2.3:a:chargepoint:home_flex:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Chargepoint (c3d933bb-3f70-502e-8eab-9baec5c0fd34) |
|---|---|
| Product | Home Flex (e1bbd2da-d445-5634-ba62-e385402c4418) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4157 |
vulnerable | 2026-06-08 08:05:12.709588 |
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
HIGH (7.5)
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26338.
Published: 2026-04-11T00:16:38.871Z
Updated: 2026-04-13T17:39:00.899Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4156 |
vulnerable | 2026-06-08 08:05:12.709077 |
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
HIGH (7.5)
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26339.
Published: 2026-04-11T00:16:32.094Z
Updated: 2026-04-13T17:38:27.403Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4155 |
vulnerable | 2026-06-08 08:05:12.705916 |
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
HIGH (7.5)
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.
Published: 2026-04-11T00:16:25.621Z
Updated: 2026-04-13T17:23:38.780Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7392 |
vulnerable | 2026-06-08 06:58:22.075904 |
ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability
MEDIUM (4.3)
ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the connection handling of the Bluetooth Low Energy interface. The issue results from limiting the number of active connections to the product. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21455.
Published: 2024-11-22T21:31:27.805Z
Updated: 2024-11-25T16:43:04.607Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7391 |
vulnerable | 2026-06-08 06:58:22.074095 |
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability
LOW (2.6)
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability.
The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this vulnerability to disclose credentials and gain access to the device owner's Wi-Fi network. Was ZDI-CAN-21454.
Published: 2024-11-22T21:31:18.047Z
Updated: 2024-11-26T15:59:17.260Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23971 |
vulnerable | 2026-06-08 06:29:41.014124 |
ChargePoint Home Flex OCPP bswitch Command Injection
HIGH (8.8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-30T23:42:57.796Z
Updated: 2025-08-26T21:08:23.253Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23970 |
vulnerable | 2026-06-08 06:29:41.013325 |
ChargePoint Home Flex Improper Certificate Validation
MEDIUM (6.5)
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.
Published: 2025-01-30T23:40:49.963Z
Updated: 2025-08-26T21:02:52.773Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23969 |
vulnerable | 2026-06-08 06:29:41.012563 |
ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write
HIGH (8.8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-30T23:37:22.462Z
Updated: 2025-08-26T21:02:16.174Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23968 |
vulnerable | 2026-06-08 06:29:41.012016 |
ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow
HIGH (8.8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-30T23:31:40.396Z
Updated: 2025-08-26T21:01:52.095Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23921 |
vulnerable | 2026-06-08 06:29:40.951912 |
ChargePoint Home Flex Command Injection
HIGH (8.8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-31T00:17:52.652Z
Updated: 2025-07-01T13:34:34.362Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23920 |
vulnerable | 2026-06-08 06:29:40.947333 |
ChargePoint Home Flex Improper Access Control
HIGH (8.8)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root.
Published: 2025-01-31T00:15:11.427Z
Updated: 2025-07-01T13:35:46.718Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.