Enphase Envoy_firmware
5 CVEs affecting Enphase Envoy_firmware. Latest disclosed: 2023-06-20. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-25753 | Critical | 9.8 | 2021-06-16 | An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. T… |
CVE-2020-25755 | High | 8.8 | 2021-06-16 | An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authen… |
CVE-2020-25754 | High | 7.5 | 2021-06-16 | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authenti… |
CVE-2023-33869 | Medium | 6.3 | 2023-06-20 | Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. |
CVE-2020-25752 | Medium | 5.3 | 2021-06-16 | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passw… |