CVE-2024-23920 – ChargePoint Home Flex onboardee Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23920
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-23921 – ChargePoint Home Flex wlanapp Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23921
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-23969 – ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23969
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-23928 – Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-23928
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. •
CVE-2024-40645 – FOG Authenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2024-40645
An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f • CWE-434: Unrestricted Upload of File with Dangerous Type •