R3.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

enphase

critical

NVD

Published: 2021-06-16

Updated: 2021-06-28

Summary

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml.

Vulnerable Configurations

Part	Description	Count
OS	Enphase Enphase Envoy Firmware D4.0 Enphase Envoy Firmware R3.0	2
Hardware	Enphase Enphase Envoy -	1

References

https://stage2sec.com
https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a
https://enphase.com/en-us/products-and-services/envoy-and-combiner