The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-1052/ |
![]() ![]() |
Thu, 01 May 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Chargepoint
Chargepoint home Flex Hardwired Chargepoint home Flex Hardwired Firmware Chargepoint home Flex Nema 14-50 Plug Chargepoint home Flex Nema 14-50 Plug Firmware Chargepoint home Flex Nema 6-50 Plug Chargepoint home Flex Nema 6-50 Plug Firmware |
|
CPEs | cpe:2.3:h:chargepoint:home_flex_hardwired:-:*:*:*:*:*:*:* cpe:2.3:h:chargepoint:home_flex_nema_14-50_plug:-:*:*:*:*:*:*:* cpe:2.3:h:chargepoint:home_flex_nema_6-50_plug:-:*:*:*:*:*:*:* cpe:2.3:o:chargepoint:home_flex_hardwired_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:chargepoint:home_flex_nema_14-50_plug_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:chargepoint:home_flex_nema_6-50_plug_firmware:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Chargepoint
Chargepoint home Flex Hardwired Chargepoint home Flex Hardwired Firmware Chargepoint home Flex Nema 14-50 Plug Chargepoint home Flex Nema 14-50 Plug Firmware Chargepoint home Flex Nema 6-50 Plug Chargepoint home Flex Nema 6-50 Plug Firmware |
Fri, 31 Jan 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-295 | |
Metrics |
cvssV3_1
|
Fri, 31 Jan 2025 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. | |
Title | ChargePoint Home Flex Improper Certificate Validation | |
References |
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-08-26T21:02:52.773Z
Reserved: 2024-01-25T00:14:42.599Z
Link: CVE-2024-23970

Updated: 2025-01-31T19:06:53.674Z

Status : Modified
Published: 2025-01-31T00:15:09.810
Modified: 2025-08-26T21:15:46.077
Link: CVE-2024-23970

No data.

No data.