Vulnerabilities > Enphase
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2023-32274 | Use of Hard-coded Credentials vulnerability in Enphase Installer Toolkit 3.27.0 Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. | 7.5 |
| 2023-06-20 | CVE-2023-33869 | OS Command Injection vulnerability in Enphase Envoy Firmware D7.0.88 Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | 9.8 |
| 2021-06-16 | CVE-2020-25752 | Use of Hard-coded Credentials vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 5.0 |
| 2021-06-16 | CVE-2020-25753 | Unspecified vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. | 7.5 |
| 2021-06-16 | CVE-2020-25754 | Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 5.0 |
| 2021-06-16 | CVE-2020-25755 | OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. | 6.5 |
| 2019-02-09 | CVE-2019-7678 | Path Traversal vulnerability in Enphase Envoy A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 7.5 |
| 2019-02-09 | CVE-2019-7677 | Cross-site Scripting vulnerability in Enphase Envoy XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 4.3 |
| 2019-02-09 | CVE-2019-7676 | Weak Password Requirements vulnerability in Enphase Envoy A weak password vulnerability was discovered in Enphase Envoy R3.*.*. | 6.5 |