{"vulnerability": "CVE-2024-2392", "sightings": [{"uuid": "519254ff-ec7d-4b11-ab6f-3f93e7bcfe14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://bsky.app/profile/thezdi.bsky.social/post/3lgfedodb6k27", "content": "", "creation_timestamp": "2025-01-23T07:29:50.805305Z"}, {"uuid": "55e9a1f4-458d-41f8-9c99-b1d6ab9ea891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://infosec.exchange/users/thezdi/statuses/113876493951219677", "content": "", "creation_timestamp": "2025-01-23T07:30:00.953457Z"}, {"uuid": "a6501a0d-6011-4484-8604-3614b8b24727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://bsky.app/profile/thezdi.bsky.social/post/3lgfmonvt5s27", "content": "", "creation_timestamp": "2025-01-23T09:59:12.238600Z"}, {"uuid": "bfd8ae29-d81d-4cd3-a188-475817805e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://infosec.exchange/users/thezdi/statuses/113877081706194873", "content": "", "creation_timestamp": "2025-01-23T09:59:30.078462Z"}, {"uuid": "107cc0ba-8146-476f-af53-026981d77814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920073719391266", "content": "", "creation_timestamp": "2025-01-31T00:12:55.395426Z"}, {"uuid": "0477266c-4607-455f-8188-d21d1c27f2e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypuyoexh27", "content": "", "creation_timestamp": "2025-01-31T00:16:57.768616Z"}, {"uuid": "74449d4e-0ebf-41e6-857c-c8cf7a461fc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924460796479716", "content": "", "creation_timestamp": "2025-01-31T18:48:39.294298Z"}, {"uuid": "ee36162d-af59-4739-95b7-edf3219a32b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924460896102213", "content": "", "creation_timestamp": "2025-01-31T18:48:39.901827Z"}, {"uuid": "d0ea8f89-1ebd-4777-988b-6de46121c77f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924460940331866", "content": "", "creation_timestamp": "2025-01-31T18:48:46.113176Z"}, {"uuid": "7d18c92c-74fc-44a7-af56-ea2bc7cc591f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924461007964610", "content": "", "creation_timestamp": "2025-01-31T18:48:46.472069Z"}, {"uuid": "302bb372-9552-4794-a346-5b67bfdb676e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920092736379815", "content": "", "creation_timestamp": "2025-01-31T00:17:45.645374Z"}, {"uuid": "f8747c21-3bf1-4a2b-a545-5cf014852b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2xzr3rm2b", "content": "", "creation_timestamp": "2025-01-31T03:35:32.706865Z"}, {"uuid": "90f3d686-091b-4f10-ab71-2fb06f27f227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920157373486439", "content": "", "creation_timestamp": "2025-01-31T00:34:11.814991Z"}, {"uuid": "bbd9ded3-3b36-4274-b2c0-4706c95d7574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920157405208995", "content": "", "creation_timestamp": "2025-01-31T00:34:12.242903Z"}, {"uuid": "937f1d42-02c3-4dcf-a4c2-364e33af92de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920157389677987", "content": "", "creation_timestamp": "2025-01-31T00:34:12.075349Z"}, {"uuid": "576963f8-0563-4ba3-8914-d3facb9948c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgyt5uuyri2t", "content": "", "creation_timestamp": "2025-01-31T01:15:37.033386Z"}, {"uuid": "a7e4b344-d4e1-4eb6-9d73-3cfb4496aae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgyt5x4g7s2c", "content": "", "creation_timestamp": "2025-01-31T01:15:39.503943Z"}, {"uuid": "680763bf-7580-4615-9aaa-4e812954cd04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgyt5zh3e42i", "content": "", "creation_timestamp": "2025-01-31T01:15:41.947406Z"}, {"uuid": "91937b2c-d632-4aa9-a50b-38c4bceb5012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y2fryf2w", "content": "", "creation_timestamp": "2025-01-31T03:35:36.170654Z"}, {"uuid": "ee23ad93-e239-400e-87ec-96e8a32fe451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y2jlsc2e", "content": "", "creation_timestamp": "2025-01-31T03:35:36.723253Z"}, {"uuid": "5548f09d-059f-41bc-870a-f5407f385a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y322q32g", "content": "", "creation_timestamp": "2025-01-31T03:35:38.969692Z"}, {"uuid": "85a7d6e0-8657-460b-8fda-60e932d34f60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3569", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23920\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T03:32:13Z\n\ud83d\udccf Modified: 2025-01-31T03:32:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23920\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1048", "creation_timestamp": "2025-01-31T04:12:59.000000Z"}, {"uuid": "97994181-2201-4426-8888-00e809c479e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://bsky.app/profile/thezdi.bsky.social/post/3lgdczxofdc27", "content": "", "creation_timestamp": "2025-01-22T12:01:16.490004Z"}, {"uuid": "a27d7aa4-8232-4db0-a6f3-a675d77f2c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23928\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:09:46.661Z\n\ud83d\udccf Modified: 2025-07-01T13:38:31.405Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1045/\n2. https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/", "creation_timestamp": "2025-07-01T14:11:25.000000Z"}, {"uuid": "410a7f79-fad7-4026-9772-5bcd0e673aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3538", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23928\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23928\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1045", "creation_timestamp": "2025-01-31T01:12:21.000000Z"}, {"uuid": "b1d42fc3-b980-402f-9a45-f12efa482813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3566", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23929\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\ud83d\udccf Published: 2025-01-31T03:32:13Z\n\ud83d\udccf Modified: 2025-01-31T03:32:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23929\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1044", "creation_timestamp": "2025-01-31T04:12:56.000000Z"}, {"uuid": "b941ae0d-1a2b-4335-9bff-66720c75c135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23921\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T03:32:13Z\n\ud83d\udccf Modified: 2025-01-31T03:32:13Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23921\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1049", "creation_timestamp": "2025-01-31T04:13:05.000000Z"}, {"uuid": "85de5dac-71dc-486b-9075-9322870e201d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23921\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:17:52.652Z\n\ud83d\udccf Modified: 2025-03-24T16:12:47.159Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1049/", "creation_timestamp": "2025-03-24T16:23:00.000000Z"}, {"uuid": "61801db0-540a-40a2-90da-9119a1f747ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20038", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23929\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:13:03.982Z\n\ud83d\udccf Modified: 2025-07-01T13:37:17.684Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1044/\n2. https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/", "creation_timestamp": "2025-07-01T14:11:26.000000Z"}, {"uuid": "ee1be060-5627-41d3-8240-0ccecee755b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19941", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23920\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:15:11.427Z\n\ud83d\udccf Modified: 2025-06-30T17:01:07.889Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1048/", "creation_timestamp": "2025-06-30T17:07:24.000000Z"}, {"uuid": "3468f6eb-b8b6-46c0-ba5d-7451ef1d0657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23929", "type": "seen", "source": "https://t.me/cvedetector/16869", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23929 - Pioneer DMH-WT7600NEX:Filer Bypass Root Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-23929 \nPublished : Jan. 31, 2025, 1:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.  \n  \nThe specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T04:29:45.000000Z"}, {"uuid": "ee342019-579b-4b51-99da-4896c99a6b88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23921", "type": "seen", "source": "https://t.me/cvedetector/16868", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23921 - ChargePoint Home Flex Root Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23921 \nPublished : Jan. 31, 2025, 1:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T04:29:41.000000Z"}, {"uuid": "5f1c3b91-4f15-473b-a42f-4e76254d7ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23920", "type": "seen", "source": "https://t.me/cvedetector/16867", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23920 - ChargePoint Home Flex Unauthenticated Root Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23920 \nPublished : Jan. 31, 2025, 1:15 a.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T04:29:40.000000Z"}, {"uuid": "3f9b4fc3-b065-4da9-a2f9-c2c2e5851b3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23928", "type": "seen", "source": "https://t.me/cvedetector/16851", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23928 - Pioneer DMH-WT7600NEX Certificate Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23928 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:08.000000Z"}, {"uuid": "53a50bd4-f85c-4fcb-8915-57518b3937be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23924", "type": "seen", "source": "https://t.me/cvedetector/6603", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23924 - Alpine Halo9 Command Injection Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23924 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.  \n  \nWas ZDI-CAN-23105 \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:20.000000Z"}, {"uuid": "607d74ac-2064-4da8-b6bd-dbb9cf02db40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23923", "type": "seen", "source": "https://t.me/cvedetector/6602", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23923 - Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-23923 \nPublished : Sept. 28, 2024, 7:15 a.m. | 36\u00a0minutes ago \nDescription : Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root.  \n  \nWas ZDI-CAN-22945 \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T10:18:19.000000Z"}, {"uuid": "913a19e9-2d9c-448e-bacf-35eb0af32d5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23922", "type": "seen", "source": "https://t.me/cvedetector/6184", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23922 - Sony XAV-AX5500 Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23922 \nPublished : Sept. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \nWas ZDI-CAN-22939 \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T17:59:23.000000Z"}]}