-
CVE-2024-23921 – ChargePoint Home Flex Root Code Execution Vulnerability
CVE ID : CVE-2024-23921 Published : Jan. 31, 2025, 1:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from…
-
CVE-2024-23971 – ChargePoint Home Flex Root Arbitrary Code Execution
CVE ID : CVE-2024-23971 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue…
-
CVE-2024-23973 – Silicon Labs Gecko OS HTTP GET Request Buffer Overflow Allows Arbitrary Code Execution over the Network
CVE ID : CVE-2024-23973 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue…
-
CVE-2024-23969 – ChargePoint Home Flex RCE (Buffer Overflow)
CVE ID : CVE-2024-23969 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from…
-
CVE-2024-23963 – Alpine Halo9 Bluetooth PBAP Code Execution Vulnerability
CVE ID : CVE-2024-23963 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this…
-
CVE-2024-23968 – ChargePoint Home Flex Stack Based Buffer Overflow
CVE ID : CVE-2024-23968 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from…
-
CVE-2024-23928 – Pioneer DMH-WT7600NEX Certificate Validation Vulnerability
CVE ID : CVE-2024-23928 Published : Jan. 31, 2025, 12:15 a.m. Description : This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which operates over…
-
How Trustwave’s Fusion Platform Analyzes Ransomware Tactics in the Energy Sector: A Comprehensive Overview
Trustwave SpiderLabs has multiple methods and tools available to keep its teams apprised of the tactics, techniques, and procedures (TTPs) threat groups utilize during an attack, but perhaps the most useful is our cloud-native Fusion dashboard.
-
Accelerate Your Journey with the Microsoft End Customer Investment Funds (ECIF) Program
As a long-time Microsoft partner, Trustwave is well-positioned to help an organization tap into the Microsoft End Customer Investment Funds (ECIF) Program.
-
Inside APT34 (OilRig): Tools, Techniques, and Global Cyber Threats
This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs team on major threat actor groups currently operating globally.