A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
CVSS Score
7.2
EPSS Score
0.004
Published
2019-02-09
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-09
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-02-09