exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 3

CVE-2025-7770

около 1 месяца назад

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.

EPSS: Низкий

GHSA-gjpw-wr3x-q236

около 1 месяца назад

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.

EPSS: Низкий

BDU:2025-09578

около 1 месяца назад

Уязвимость средства мониторинга и управления солнечными энергетическими системами Tigo Cloud Connect Advanced (CCA), связанная с некорректной генерацией идентификаторов сеансов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-7770 Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.		0% Низкий	около 1 месяца назад
GHSA-gjpw-wr3x-q236 Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.		0% Низкий	около 1 месяца назад
BDU:2025-09578 Уязвимость средства мониторинга и управления солнечными энергетическими системами Tigo Cloud Connect Advanced (CCA), связанная с некорректной генерацией идентификаторов сеансов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 8.8	0% Низкий	около 1 месяца назад

Уязвимостей на страницу