How severe is CVE-2024-7391?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2024-7391?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-7391 - LOW Severity | CVSS 2.6

Vulnerability Description

ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this vulnerability to disclose credentials and gain access to the device owner's Wi-Fi network. Was ZDI-CAN-21454.

Related Vulnerabilities

CVE-2015-4961

LOW

CVSS:2.6(Low)

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A be...

CWE-2002015

CVE-2017-0096

LOW

CVSS:2.6(Low)

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gue...

CWE-2002017

CVE-2024-1949

LOW

CVSS:2.6(Low)

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post c...

CWE-2002024

CVE-2024-52513

LOW

CVSS:2.6(Low)

Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text...

CWE-2002024

CVE-2025-20030

LOW

CVSS:2.6(Low)

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information discl...

CWE-2002025

CVE-2016-0259

LOW

CVSS:2.5(Low)

runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.

CWE-2002016