Chargepoint
Products
2- 12 CVEs
- 3 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54564 | Hig | 0.51 | 7.8 | 0.00 | Aug 1, 2025 | uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. | ||
| CVE-2026-4157 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2026 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this… | ||
| CVE-2026-4156 | Hig | 0.49 | 7.5 | 0.00 | Apr 11, 2026 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to… | ||
| CVE-2026-4155 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2026 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not… | ||
| CVE-2024-23921 | 0.00 | — | 0.00 | Jan 31, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue… | |||
| CVE-2024-23920 | 0.00 | — | 0.00 | Jan 31, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue… | |||
| CVE-2024-23971 | 0.00 | — | 0.00 | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The… | |||
| CVE-2024-23970 | 0.00 | — | 0.00 | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST… | |||
| CVE-2024-23969 | 0.00 | — | 0.00 | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue… | |||
| CVE-2024-23968 | 0.00 | — | 0.00 | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg… | |||
| CVE-2024-7392 | 0.00 | — | 0.01 | Nov 22, 2024 | ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit… | |||
| CVE-2024-7391 | 0.00 | — | 0.00 | Nov 22, 2024 | ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit… |
- risk 0.51cvss 7.8epss 0.00
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.
- risk 0.49cvss 7.5epss 0.01
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this…
- risk 0.49cvss 7.5epss 0.00
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to…
- risk 0.49cvss 7.5epss 0.01
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not…
- CVE-2024-23921Jan 31, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue…
- CVE-2024-23920Jan 31, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue…
- CVE-2024-23971Jan 30, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The…
- CVE-2024-23970Jan 30, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST…
- CVE-2024-23969Jan 30, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue…
- CVE-2024-23968Jan 30, 2025risk 0.00cvss —epss 0.00
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg…
- CVE-2024-7392Nov 22, 2024risk 0.00cvss —epss 0.01
ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit…
- CVE-2024-7391Nov 22, 2024risk 0.00cvss —epss 0.00
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit…