PT-2024-38320 · Chargepoint · Chargepoint Home Flex
Todd Manning
·
Published
2024-08-01
·
Updated
2024-12-03
·
CVE-2024-7392
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ChargePoint Home Flex (affected versions not specified)
Description
This issue allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists within the connection handling of the Bluetooth Low Energy interface, where limiting the number of active connections to the product can be exploited to create a denial-of-service condition. Authentication is not required to exploit this issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chargepoint Home Flex