Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-7392

Dec. 3, 2024, 10:17 p.m.

CVSS Score

6.5 / 10

Products Impacted

Vendor Product Versions
chargepoint
  • home_flex_firmware
  • home_flex
  • 5.5.3.13
  • -

Description

ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connection handling of the Bluetooth Low Energy interface. The issue results from limiting the number of active connections to the product. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21455.

Weaknesses

CWE-410
Insufficient Resource Pool

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.

CWE ID: 410

Date

Published: Nov. 22, 2024, 10:15 p.m.

Last Modified: Dec. 3, 2024, 10:17 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

zdi-disclosures@trendmicro.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o chargepoint home_flex_firmware 5.5.3.13 / / / / / / /
h chargepoint home_flex - / / / / / / /

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
6.5
Exploitability Score
2.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://www.zerodayinitiative.com/ zdi-disclosures@trendmicro.com