{"vulnerability": "CVE-2024-2397", "sightings": [{"uuid": "bbb5f26e-4dee-4ec8-aa14-6fa99980e688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919919489366975", "content": "", "creation_timestamp": "2025-01-30T23:33:43.173984Z"}, {"uuid": "74914fd1-a70e-4281-9441-07b7fe7a1795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919969185194340", "content": "", "creation_timestamp": "2025-01-30T23:46:20.357980Z"}, {"uuid": "84f14704-fba2-4cab-850e-31018e3460ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919969200554758", "content": "", "creation_timestamp": "2025-01-30T23:46:20.619169Z"}, {"uuid": "7753ed73-c19c-4ec2-9435-4c80fb332a08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvjn4fb2c", "content": "", "creation_timestamp": "2025-01-31T00:17:15.628768Z"}, {"uuid": "da2b57f0-3051-4ae8-990a-d77202c4e3b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvlwb5l2j", "content": "", "creation_timestamp": "2025-01-31T00:17:18.038027Z"}, {"uuid": "4fc59dca-0751-4e66-af76-ede761a262ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypvo2khm2t", "content": "", "creation_timestamp": "2025-01-31T00:17:20.813791Z"}, {"uuid": "100abbc4-ffa9-4e20-bfbd-e15650bf41f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y2c6n42k", "content": "", "creation_timestamp": "2025-01-31T03:35:35.609079Z"}, {"uuid": "1f55f182-19b5-4531-8d47-4092a3b38cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924932139359408", "content": "", "creation_timestamp": "2025-01-31T20:48:29.691352Z"}, {"uuid": "1df0e2ac-d2ad-4b97-a3ea-3ac1ad03e6ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113924932067875765", "content": "", "creation_timestamp": "2025-01-31T20:48:30.092964Z"}, {"uuid": "c6b87bc1-9ca6-4451-8176-1498d1f83ce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3529", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23970\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:45Z\n\ud83d\udccf Modified: 2025-01-31T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23970\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1052", "creation_timestamp": "2025-01-31T01:12:07.000000Z"}, {"uuid": "e7ab570d-2b56-4267-9d00-1232821f1add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y2nayc2e", "content": "", "creation_timestamp": "2025-01-31T03:35:37.277579Z"}, {"uuid": "33d424cf-aa53-4f6d-91be-f762ddb9d044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2y3bnvd2k", "content": "", "creation_timestamp": "2025-01-31T03:35:40.180299Z"}, {"uuid": "43f6b390-7c1a-4372-b43a-ac047ad12e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3549", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23971\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T00:15:09.920\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1053/", "creation_timestamp": "2025-01-31T01:21:38.000000Z"}, {"uuid": "2d0bf68b-f956-4148-8010-8a1b382644cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23973\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T00:15:10.027\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://community.silabs.com/a45Vm0000000Atp\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-873/", "creation_timestamp": "2025-01-31T01:21:38.000000Z"}, {"uuid": "3898c3f8-9c16-41f6-bcf8-f8e5fd0263a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23970\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T00:15:09.810\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1052/", "creation_timestamp": "2025-01-31T01:21:39.000000Z"}, {"uuid": "8fd43ce5-7451-459a-bd88-3bdcd78628ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19951", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23973\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\u00a0\n\nThe specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\ud83d\udccf Published: 2025-01-30T23:28:55.542Z\n\ud83d\udccf Modified: 2025-06-30T17:53:31.238Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-873/\n2. https://community.silabs.com/a45Vm0000000Atp", "creation_timestamp": "2025-06-30T18:08:04.000000Z"}, {"uuid": "f834dc98-15a5-4af9-a302-9553eadba99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3527", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23971\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-31T00:30:45Z\n\ud83d\udccf Modified: 2025-01-31T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23971\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-1053", "creation_timestamp": "2025-01-31T01:12:06.000000Z"}, {"uuid": "3580059a-fa0e-4fd3-959a-b2be71c4498e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3530", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23973\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\u00a0\n\nThe specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\ud83d\udccf Published: 2025-01-31T00:30:45Z\n\ud83d\udccf Modified: 2025-01-31T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-23973\n2. https://community.silabs.com/a45Vm0000000Atp\n3. https://www.zerodayinitiative.com/advisories/ZDI-24-873", "creation_timestamp": "2025-01-31T01:12:08.000000Z"}, {"uuid": "9eb3c626-c414-4f6e-8494-003b17981939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23971\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-30T23:42:57.796Z\n\ud83d\udccf Modified: 2025-06-30T17:43:13.112Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1053/", "creation_timestamp": "2025-06-30T18:08:11.000000Z"}, {"uuid": "ac452f51-c3b4-42f9-a0af-f41da111b483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23970\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.\n\ud83d\udccf Published: 2025-01-30T23:40:49.963Z\n\ud83d\udccf Modified: 2025-06-30T17:45:32.044Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-1052/", "creation_timestamp": "2025-06-30T18:08:10.000000Z"}, {"uuid": "11282beb-8b8d-4464-b98d-442ba1f9dfd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23973", "type": "seen", "source": "https://t.me/cvedetector/16850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23973 - Silicon Labs Gecko OS HTTP GET Request Buffer Overflow Allows Arbitrary Code Execution over the Network\", \n  \"Content\": \"CVE ID : CVE-2024-23973 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\u00a0  \n  \nThe specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:07.000000Z"}, {"uuid": "fe5a3360-67b8-4a4f-9515-87bcfc1018a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23972", "type": "seen", "source": "https://t.me/cvedetector/6187", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23972 - Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23972 \nPublished : Sept. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device.  \n  \nWas ZDI-CAN-23185 \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T17:59:25.000000Z"}, {"uuid": "ded8fa94-bdf7-4d1b-b9c7-5fb7a110f3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23970", "type": "seen", "source": "https://t.me/cvedetector/16858", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23970 - ChargePoint Home Flex Unauthorized SSL Validation (Certificate Forgery)\", \n  \"Content\": \"CVE ID : CVE-2024-23970 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:18.000000Z"}, {"uuid": "c830cccd-ebf1-4dff-8d56-3b73ff3bf6a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23971", "type": "seen", "source": "https://t.me/cvedetector/16859", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23971 - ChargePoint Home Flex Root Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-23971 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.  \n  \nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:19.000000Z"}, {"uuid": "92454bbc-e9cd-46ba-b7a9-3be945928030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23978", "type": "seen", "source": "https://t.me/ctinow/192770", "content": "https://ift.tt/vDZpY7S\nCVE-2024-23978 | KDDI Home Spot Cube2 up to 102 invalid heap-based overflow", "creation_timestamp": "2024-02-25T08:06:47.000000Z"}, {"uuid": "ad156d76-4b36-4502-a490-1adbb6dc6e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23978", "type": "seen", "source": "https://t.me/ctinow/177976", "content": "https://ift.tt/4OA3N1F\nCVE-2024-23978", "creation_timestamp": "2024-02-02T08:31:36.000000Z"}]}