Weak Password Vulnerability in Enphase Envoy by Enphase Energy
CVE-2019-7676

7.2HIGH

Key Information:

Vendor

Enphase

Status
Envoy
Vendor
CVE Published:
9 February 2019

What is CVE-2019-7676?

A weak password vulnerability has been identified in Enphase Envoy R3.. that enables unauthorized access to the admin account. This issue arises when logging into the device via TCP port 8888, where an insecure default password can be exploited. As a result, attackers could gain administrative privileges and perform unauthorized actions. Users are strongly advised to review their security settings and update passwords to mitigate potential risks.

References

https://github.com/pudding2/enphase-energy/blob/master/we...
x_refsource_MISC
https://github.com/pudding2/enphase-energy/blob/master/we...
x_refsource_MISC
https://github.com/pudding2/enphase-energy/blob/master/we...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.