Shodan
Maps
Images
Monitor
Developer
More...
Dashboard
View Api Docs
Vulnerabilities
By Date
Known Exploited
Advanced Search
Vulnerable Software
Vendors
Products
Vulnerability Details CVE-2020-9306
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
Exploit prediction scoring system (EPSS) score
EPSS Score
0.002
EPSS Ranking
44.9%
CVSS Severity
CVSS v3 Score
8.8
CVSS v2 Score
5.8
References
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md
https://www.fireeye.com/blog/threat-research.html
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md
https://www.fireeye.com/blog/threat-research.html
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html
Products affected by CVE-2020-9306
Tesla
»
Solarcity Solar Monitoring Gateway
»
Version:
N/A
cpe:2.3:a:tesla:solarcity_solar_monitoring_gateway:-
Tesla
»
Solarcity Solar Monitoring Gateway
»
Version:
5.46.43
cpe:2.3:a:tesla:solarcity_solar_monitoring_gateway:5.46.43
Products
Monitor
Search Engine
Developer API
Maps
Bulk Data
Images
Snippets
Pricing
Membership
API Subscriptions
Enterprise
Contact Us
support@shodan.io
Shodan ® - All rights reserved