CVE-2024-7392
Dec. 3, 2024, 10:17 p.m.
Tags
CVSS Score
Products Impacted
Vendor | Product | Versions |
---|---|---|
chargepoint |
|
|
Description
ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connection handling of the Bluetooth Low Energy interface. The issue results from limiting the number of active connections to the product. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21455.
Weaknesses
CWE-410
Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
CWE ID: 410Date
Published: Nov. 22, 2024, 10:15 p.m.
Last Modified: Dec. 3, 2024, 10:17 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
zdi-disclosures@trendmicro.com
CPEs
Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
---|---|---|---|---|---|---|---|---|---|---|
o | chargepoint | home_flex_firmware | 5.5.3.13 | / | / | / | / | / | / | / |
h | chargepoint | home_flex | - | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H