CVE-2020-25754

Опубликовано: 16 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect.

Ссылки

https://enphase.com/en-us/products-and-services/envoy-and-combiner
Product
Vendor Advisory
https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a
Exploit
Third Party Advisory
https://stage2sec.com
Third Party Advisory
https://enphase.com/en-us/products-and-services/envoy-and-combiner
Product
Vendor Advisory
https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a
Exploit
Third Party Advisory
https://stage2sec.com
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:enphase:envoy_firmware:d4.0:*:*:*:*:*:*:*

cpe:2.3:o:enphase:envoy_firmware:r3.0:*:*:*:*:*:*:*

cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00354

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-916

Связанные уязвимости

GHSA-cq4j-2685-h9rw

github

больше 3 лет назад