Vulnerability Description
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enphase | Envoy Firmware | d4.0 |
| Enphase | Envoy | - |
Related Weaknesses (CWE)
References
- https://enphase.com/en-us/products-and-services/envoy-and-combinerProductVendor Advisory
- https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-faExploitThird Party Advisory
- https://stage2sec.comThird Party Advisory
- https://enphase.com/en-us/products-and-services/envoy-and-combinerProductVendor Advisory
- https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-faExploitThird Party Advisory
- https://stage2sec.comThird Party Advisory
FAQ
What is CVE-2020-25752?
CVE-2020-25752 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded val...
How severe is CVE-2020-25752?
CVE-2020-25752 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25752?
Check the references section above for vendor advisories and patch information. Affected products include: Enphase Envoy Firmware, Enphase Envoy.