VAR-201902-0281
Vulnerability from variot - Updated: 2023-12-18 13:18A weak password vulnerability was discovered in Enphase Envoy R3... One can login via TCP port 8888 with the admin password for the admin account. Enphase Envoy Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Enphase Envoy is the core home energy control gateway in Enphase Energy's home energy solution. Allows remote attackers to use vulnerabilities to submit special requests and unauthorized access to applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0281",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envoy",
"scope": "gte",
"trust": 1.0,
"vendor": "enphase",
"version": "3.0.0"
},
{
"model": "envoy",
"scope": "lte",
"trust": 1.0,
"vendor": "enphase",
"version": "3.9.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 0.8,
"vendor": "enphase energy",
"version": "r3"
},
{
"model": "energy enphase envoy",
"scope": null,
"trust": 0.6,
"vendor": "enphase",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:enphase:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7676"
}
]
},
"cve": "CVE-2019-7676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7676",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-06658",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7676",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7676",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-06658",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-195",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. Enphase Envoy Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Enphase Envoy is the core home energy control gateway in Enphase Energy\u0027s home energy solution. Allows remote attackers to use vulnerabilities to submit special requests and unauthorized access to applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "CNVD",
"id": "CNVD-2019-06658"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7676",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-06658",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-195",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"id": "VAR-201902-0281",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
}
]
},
"last_update_date": "2023-12-18T13:18:50.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://enphase.com/en-us"
},
{
"title": "Enphase Envoy has weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/153715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt"
},
{
"trust": 2.4,
"url": "https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png"
},
{
"trust": 2.4,
"url": "https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7676"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"date": "2019-02-09T22:29:00.510000",
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"date": "2019-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06658"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001891"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7676"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Enphase Envoy Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001891"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-195"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…