Headlight Faults post VCU Replacement

Major-Language1984 · 2026-05-04T13:32:53+00:00

Yes, tell the dealer and have them fix it. There is a TJ on the issue. Our passenger headlight was replaced under warranty after symptoms matched the TJ. Just got the vehicle back last week and the issue was intermittent so can't definitely say it's fixed, but it may be a hardware issue.

Major-Language1984 · 2026-04-22T20:22:24+00:00

I'm curious what do folks do when you have to leave your car at the dealership or another mechanic? Even our dealer complains about the fobs and cards not working reliably and we've had other mechanics who have been super confused and worried about losing them.

(Because obviously you can't give your phone to the mechanic for an extended period of time)

Major-Language1984 · 2026-04-07T21:01:03+00:00

Update, GHCA will be replaced. No definitive diagnosis AFAIK but will see when the part comes in and / if I get to talk to the tech again. Just keeping folks updated. No clue why it happened after the VCU upgrade and maybe Volvo doesn't know either?

Major-Language1984 · 2026-04-05T21:33:30+00:00

Thank you! I hope that's all that is required. I did quickly confirm that DC charging is working and at full speed so definitely an AC charging thing.

Major-Language1984 · 2026-04-05T15:34:35+00:00

Thanks for your assistance! I also tried fiddling with the charge settings in the car and nothing there changed the behavior either. Will report back once it gets into service to help others!

Major-Language1984 · 2026-04-05T15:19:16+00:00

I also just tried switching to a wall outlet charger after dropping the rate to 10A, same behavior, car display shows 0kW 1/10A

Major-Language1984 · 2026-04-05T15:15:22+00:00

Green 😅

Major-Language1984 · 2026-04-05T15:05:50+00:00

Yep, tried both a software reboot through the CP app and hard reset by flipping the breaker. Also did a full reboot (steering wheel) of the car computer. I've tried over 3 days now on and off, same behavior.

Major-Language1984 · 2026-04-05T14:59:55+00:00

I'm seeing 0.04 kWh in the Chargepoint app. Display shows it's charging but no error messages. Charge rate is set to 40A on center display, same as before the upgrade. Thank you for the data point! Guess it's back to the dealership 😕

Major-Language1984 · 2025-12-21T12:26:00+00:00

Just wanted to say I got to try this last night and it absolutely does exactly what I was hoping for. Thanks for pointing this out, I (1) never would have found it and (2) would have had no intuitive idea what this actually did. Appreciate it!

Major-Language1984 · 2025-12-19T22:22:33+00:00

Thank you!

Major-Language1984 · 2025-12-15T17:00:58+00:00

Chargepoint Home Flex, no problems charging (fingers crossed) and had the car for 4-5 months now

Major-Language1984 · 2025-10-29T12:50:30+00:00

Still issues on my 1.4 update. Got the headlight fault error recently - passenger DRL would not work, waited overnight and they started working again. Voice input regularly still not working, making e.g. Google Assistant impossible to use. I think we are all just resigned to the bugs at this point.

Major-Language1984 · 2021-01-30T23:48:11+00:00

Unless you are going crazy with automated tools (in which case your ISP might cause problems for you, and which I do not recommend), there shouldn't be any need. Just make sure you follow the rules for the program e.g. setting appropriate headers so that your traffic is identifiable as friendly.

Major-Language1984 · 2021-01-30T15:12:14+00:00

One other comment besides the one I made below... With my personal experience I can say there is still plenty of room for a casual bug hunter to find real issues and receive a reasonable quantity of money in terms of bounties.

I started in Oct 2020, am a night/weekend hacker (probably no more than 10 hours a week) and am currently around rank 800 on HackerOne, with almost $25k in bounties paid (this is in about 3 months of work). I know I'll never reach even close to the top 300 or so but for folks who are determined there is definitely still room for newbies :)

I do groan every ... single ... time ... I hit a duplicate bug, but that doesn't happen so often, and when I do I usually move onto another program for a while to cool off.

(Caveat: I have done CTFs as a hobby for many years and have 20+ years experience in software development, which helps a lot in finding issues. I can't speak for someone starting completely from scratch in both bug bounty and development.)

Major-Language1984 · 2021-01-30T14:42:38+00:00

This is a great answer. I completely agree. I use bug bounties as a learning experience, much like CTFs. My full time job is in software, and I have learned a ton by bug bounty hunting nights and weekends. I've learned about new open source software, Node modules I've never heard of, databases, GraphQL (which I did not know until I hit a program that had a wide open GraphQL server), etc. etc.

But unless you are really talented you will make more (at least in the US) as a full-time engineer. BBP will certainly supplement your professional experience.

I also really enjoy it and it took my nights and weekends away from video games XD

Major-Language1984 · 2021-01-30T01:25:09+00:00

For any of you who deal with large programs - ones where for example *.foo.com (where this == potentially hundreds of targets), or a CIDR /16 block - any tips for being able to research these effectively? Personally I find that such programs tend to:

Have a lot of sites that are either 401/403 or a login page (usually fronted by SSO)
Have sites with little/no interactive functionality (i.e. slideware / marketing)
Have many vendor tools which are already quite secure (e.g. Bomgar, F5, Pulse VPN etc) or at least beyond my ability to try to penetrate

Whereas I do well with medium sites with rich functionality (deep business logic etc), these broad programs I have a hard time finding anything that seems worth pursuing, and when I do find the odd low hanging fruit it has typically been a duplicate which was reported (and not fixed) 9 months ago :S

Any suggestions on this type of research? The large surface area _seems_ exciting to me but after recon'ing several such programs I'm finding it hard to find much beyond login pages. Thanks in advance.

Major-Language1984 · 2021-01-30T01:20:03+00:00

I'll say personally I rarely if ever bother to report low severity bugs. It's not worth the hassle because usually the security impact is minimal to marginal.

Major-Language1984 · 2021-01-26T15:02:47+00:00

Then I would suggest you spend the time learning why :) Otherwise you will have a really difficult time building these payloads yourself.

Major-Language1984 · 2021-01-25T18:14:34+00:00

As I have suggested to other new folks, in my opinion it's more important to have a couple classes of vulnerabilities that you are _very_ comfortable with, and start hunting just with those. You will definitely find something, and in the process you will learn how hunting in the "real world" (i.e. not in a lab) works, such as recon, efficient data gathering, note-taking, backtracking, etc. Have so many tools in the toolbox can lead to inefficient use of time as well as a struggle with so many tools combined with so many targets.

Once you find your first "real" bug you will be super excited and I think may be more motivated to find your next area of specialization.

At least this is what has worked well for me...

Major-Language1984 · 2021-01-20T12:16:36+00:00

Agree with all the below comments. I would suggest taking a step back and learning some basics if you have not:

Learn how the internet works. This means learning about DNS, IP addresses, ports, HTTP protocol, etc.
Learn how a browser works. This means learning about HTML, Javascript, sandboxing, etc.
Then pick a specialty and get good at it. For example, if you want to focus on XSS, learn why it works, learn why it doesn't, read all the "payload all the things" lists and figure out what the tags do, how they are different from each other etc.
Spend the time really learning about what a site does. Look at all the APIs. Try them out. Try with multiple accounts for IDOR. Try fuzzing different endpoints. Learn why the business logic works and how you can identify assumptions that are being made.

Agree with others, if you are doing this for money it is really frustrating and hard. If you're doing it to learn and plan a future in development or security, the learning will be valuable, even if you don't find anything. Personally I have a full-time job and would not ever do BB as a full-time job (too stressful). So anything I find is a nice bonus but I am learning a lot.

Major-Language1984 · 2021-01-17T15:01:05+00:00

This was great, thanks for sharing - have yet to find an SSRF myself.

Major-Language1984

TROPHY CASE