Primary

Context

ChargePoint Home Flex Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability in ChargePoint Home Flex charging stations allows remote attackers to disclose sensitive information. The issue arises from the genpw script, which includes a secret cryptographic seed value. This vulnerability can be exploited to reveal stored credentials, potentially leading to further compromise. Authentication is not required to exploit this vulnerability.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information, specifically stored credentials, which could be used to compromise affected systems.

Remediation

Users can update to ChargePoint Home Flex firmware version 5.5.4.22 to address this vulnerability.

Added: Apr 11, 2026, 1:22 AM

Updated: Apr 11, 2026, 1:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

5.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

5.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ChargePoint Home Flex Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating