PT-2024-38319 · Chargepoint · Chargepoint Home Flex
Todd Manning
·
Published
2024-08-01
·
Updated
2024-12-03
·
CVE-2024-7391
CVSS v3.1
5.7
Medium
| Vector | AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ChargePoint Home Flex (affected versions not specified)
Description
This issue allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this issue to disclose credentials and gain access to the device owner's Wi-Fi network. User interaction is required to exploit this issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chargepoint Home Flex