Vulnerabilities > CVE-2020-25753 - Unspecified vulnerability in Enphase Envoy Firmware D4.0/R3.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
enphase

Summary

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml.

Vulnerable Configurations

Part Description Count
OS
Enphase
2
Hardware
Enphase
1