HIGH🇬🇧 English

CVE-2012-6427

CVSS 7.8v2.0pub. 2012-12-23upd. 2026-04-29

The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:N/A:N
  • Carlosgavazzi Eos Box Photovoltaic Monitoring System

    HW
    Carlosgavazzi
    wszystkie wersje
  • Carlosgavazzi Eos Box Photovoltaic Monitoring System Firmware

    OS
    Carlosgavazzi
    ≤ 1.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2012-6428HIGH10.0ten sam produkt

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-code...

CVE-2017-5144CRITICAL9.8ten sam vendor

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...

CVE-2017-5145CRITICAL10.0ten sam vendor

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...

CVE-2017-5146HIGH7.5ten sam vendor

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...

CVE-2012-6427 — HIGH 7.8 | CVEbaza.pl