Vulnerability Details CVE-2019-7676
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt
- https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png
- https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png
- https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt
- https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png
- https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png
Products affected by CVE-2019-7676
-
cpe:2.3:a:enphase:envoy:3.0.0
-
cpe:2.3:a:enphase:envoy:3.5.0
-
cpe:2.3:a:enphase:envoy:3.6.0
-
cpe:2.3:a:enphase:envoy:3.7.0
-
cpe:2.3:a:enphase:envoy:3.8.0
-
cpe:2.3:a:enphase:envoy:3.9.0