The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CCarlosgavazzi Eos Box Photovoltaic Monitoring System
HWCarlosgavazziwszystkie wersjeCarlosgavazzi Eos Box Photovoltaic Monitoring System Firmware
OSCarlosgavazzi≤ 1.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2012-6427HIGH7.8ten sam produkt
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the...
CVE-2017-5144CRITICAL9.8ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...
CVE-2017-5145CRITICAL10.0ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...
CVE-2017-5146HIGH7.5ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...