VAR-202106-0267
Vulnerability from variot - Updated: 2023-12-18 12:26An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Enphase Envoy An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States.
Enphase Energy Envoy has security vulnerabilities. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "enphase",
"version": "r3.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "enphase",
"version": "d4.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 0.8,
"vendor": "enphase energy",
"version": "r3.x"
},
{
"model": "envoy",
"scope": "eq",
"trust": 0.8,
"vendor": "enphase energy",
"version": "d4.x"
},
{
"model": "envoy",
"scope": "eq",
"trust": 0.8,
"vendor": "enphase energy",
"version": null
},
{
"model": "energy envoy r3.*",
"scope": null,
"trust": 0.6,
"vendor": "enphase",
"version": null
},
{
"model": "energy envoy d4.*",
"scope": null,
"trust": 0.6,
"vendor": "enphase",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:enphase:envoy_firmware:d4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:enphase:envoy_firmware:r3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25753"
}
]
},
"cve": "CVE-2020-25753",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-25753",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-45766",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25753",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25753",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-45766",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1346",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-25753",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Enphase Envoy An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States. \n\r\n\r\nEnphase Energy Envoy has security vulnerabilities. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "VULMON",
"id": "CVE-2020-25753"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25753",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-45766",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25753",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"id": "VAR-202106-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
}
]
},
"last_update_date": "2023-12-18T12:26:52.311000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Communication",
"trust": 0.8,
"url": "https://enphase.com/en-us/products-and-services/envoy-and-combiner"
},
{
"title": "Patch for Enphase Energy Envoy has an unspecified vulnerability (CNVD-2021-45766)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/276111"
},
{
"title": "Enphase Envoy Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155436"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a"
},
{
"trust": 1.7,
"url": "https://stage2sec.com"
},
{
"trust": 1.7,
"url": "https://enphase.com/en-us/products-and-services/envoy-and-combiner"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25753"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"date": "2021-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"date": "2022-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"date": "2021-06-16T19:15:23.380000",
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-45766"
},
{
"date": "2021-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25753"
},
{
"date": "2022-03-17T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2021-008489"
},
{
"date": "2021-06-28T14:22:52.783000",
"db": "NVD",
"id": "CVE-2020-25753"
},
{
"date": "2021-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Enphase\u00a0Envoy\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008489"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1346"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…