CVE-2024-23920

8.8 HIGH

📋 TL;DR

CVE-2024-23920 is a high-severity vulnerability (CVSS 8.8) in ChargePoint Home Flex charging stations that allows network-adjacent attackers to execute arbitrary code as root without authentication. The flaw exists in the onboardee module and is caused by improper access control. All users of affected ChargePoint Home Flex charging stations are at risk.

💻 Affected Systems

Products:
  • ChargePoint Home Flex charging stations
Versions: Specific versions not publicly disclosed in available references
Operating Systems: Embedded Linux-based system
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected ChargePoint Home Flex charging stations are vulnerable. The vulnerability requires network adjacency but not authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the charging station allowing attackers to execute arbitrary code as root, potentially disrupting charging operations, stealing user data, or using the device as a foothold into home networks.

🟠 Likely Case

Attackers on the same network could gain root access to the charging station, potentially disabling charging functionality, accessing user account information, or using the device for further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, the impact is limited to the charging station itself without lateral movement into other network segments.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network adjacency but no authentication. The vulnerability is in the onboardee module with improper access control allowing root code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not publicly disclosed in available references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1048/

Restart Required: No

Instructions:

1. Check for firmware updates in the ChargePoint mobile app or web portal.
2. Apply any available firmware updates for your ChargePoint Home Flex charging station.
3. Verify the update completes successfully.

🔧 Temporary Workarounds

Network Segmentation

Isolate the charging station on a separate VLAN or network segment to limit attack surface

Network Access Control

Implement MAC address filtering or firewall rules to restrict which devices can communicate with the charging station

🧯 If You Can't Patch

  • Physically disconnect the charging station from the network when not in use
  • Place the charging station on an isolated network segment with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check your ChargePoint Home Flex firmware version and compare against patched versions when available from ChargePoint

Check Version:

Check firmware version in ChargePoint mobile app under device settings or through the ChargePoint web portal

Verify Fix Applied:

Verify firmware has been updated to a version that addresses CVE-2024-23920 through the ChargePoint app or web interface

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to the charging station
  • Unexpected firmware modification attempts
  • Authentication bypass attempts

Network Indicators:

  • Unusual traffic patterns to/from the charging station on port 80/443
  • Attempts to access onboardee module endpoints

SIEM Query:

source_ip IN (charging_station_ip) AND (http_user_agent CONTAINS 'unusual' OR (destination_port IN (80,443) AND protocol='TCP' AND bytes_sent > threshold))
