ChargePoint Home Flex Improper Certificate Validation Vulnerability Allowing Code Execution

Vulnerability

A vulnerability exists in ChargePoint Home Flex charging stations, allowing network-adjacent attackers to compromise transport security. The issue arises from improper validation of the server's certificate, specifically related to the CURLOPT_SSL_VERIFYHOST setting. This flaw can be exploited without authentication and may be leveraged alongside other vulnerabilities to execute code with root privileges.
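As an added example (not ChargePoint's code and not part of the original advisory), the following audit script shows how a defender can check C source that uses libcurl for the class of setting named above. The sample source, handle names and the `cfg->verify_host` field are constructed for illustration; the advisory does not state which value the device actually used.

```python
import re

# Naive comment stripper that keeps line numbers stable. It also clips "//"
# inside string literals (e.g. URLs), which is harmless for this check.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

# curl_easy_setopt(<handle>, CURLOPT_SSL_VERIFYHOST, <value>) -> captures <value>,
# allowing an optional (long) cast in front of it.
SETOPT_RE = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,()]+,\s*CURLOPT_SSL_VERIFYHOST\s*,\s*"
    r"((?:\(\s*long\s*\)\s*)?[^()]+?)\s*\)"
)

def classify(value):
    """Return 'ok', 'disabled' or 'review' for a CURLOPT_SSL_VERIFYHOST argument."""
    literal = re.fullmatch(r"(?:\(\s*long\s*\)\s*)?(\d+)[lL]?", value)
    if literal is None:
        return "review"        # macro, variable or expression: trace it by hand
    number = int(literal.group(1))
    if number == 2:
        return "ok"            # 2 is libcurl's default: certificate name must match the host
    if number == 0:
        return "disabled"      # certificate accepted regardless of the name it carries
    return "review"            # e.g. 1: handling differs between libcurl versions

def audit(source):
    """Return (line, argument, verdict) for every VERIFYHOST setopt call in C source."""
    clean = COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    findings = []
    for match in SETOPT_RE.finditer(clean):
        line = clean.count("\n", 0, match.start()) + 1
        findings.append((line, match.group(1), classify(match.group(1))))
    return findings

# Constructed sample input, not taken from any real firmware.
SAMPLE_C = '''\
CURL *h = curl_easy_init();
curl_easy_setopt(h, CURLOPT_URL, "https://backend.example.invalid/status");
curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 0L);   /* hostname check off */
// curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(h2, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(h3, CURLOPT_SSL_VERIFYHOST, (long)cfg->verify_host);
curl_easy_setopt(h4, CURLOPT_SSL_VERIFYHOST, 1L);
'''

if __name__ == "__main__":
    for line, arg, verdict in audit(SAMPLE_C):
        print(f"line {line}: CURLOPT_SSL_VERIFYHOST = {arg} -> {verdict}")
```

Code that never sets the option inherits libcurl's default of 2, so the absence of a finding is not itself a problem.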

Impact

Exploitation of this vulnerability could lead to unauthorized code execution in the context of the root user.

Remediation

The vendor has stated that the vulnerability has been addressed, but verification is pending. As a mitigation strategy, it is recommended to restrict interaction with the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.