Enphase Envoy_firmware

5 CVEs affecting Enphase Envoy_firmware. Latest disclosed: 2023-06-20. Critical: 1, High: 2.

Top CVEs affecting Enphase Envoy_firmware
CVESeverityScorePublishedSummary
CVE-2020-25753Critical9.82021-06-16An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. T…
CVE-2020-25755High8.82021-06-16An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authen…
CVE-2020-25754High7.52021-06-16An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authenti…
CVE-2023-33869Medium6.32023-06-20 Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.
CVE-2020-25752Medium5.32021-06-16An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passw…