Описание
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.6.0.0 (включая) до 3.6.0.2 (исключая)
Одновременно
cpe:2.3:o:growatt:shine_lan-x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:growatt:shine_lan-x:-:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.0003
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
EPSS
Процентиль: 8%
0.0003
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798