Enphase

Envoy Firmware

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-33869

  • EPSS 0.25%
  • Veröffentlicht 20.06.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:06

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.

8.8

CVE-2020-25755

Exploit
  • EPSS 3.12%
  • Veröffentlicht 16.06.2021 19:15:32
  • Zuletzt bearbeitet 21.11.2024 05:18:40

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.

7.5

CVE-2020-25754

Exploit
  • EPSS 0.35%
  • Veröffentlicht 16.06.2021 19:15:27
  • Zuletzt bearbeitet 21.11.2024 05:18:40

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial nu...

9.8

CVE-2020-25753

Exploit
  • EPSS 1.68%
  • Veröffentlicht 16.06.2021 19:15:23
  • Zuletzt bearbeitet 21.11.2024 05:18:40

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml.

5.3

CVE-2020-25752

Exploit
  • EPSS 0.79%
  • Veröffentlicht 16.06.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:18:39

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and ...