These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CSinapsitech Esolar Duo Photovoltaic System Monitor
HWSinapsitechwszystkie wersjeSinapsitech Esolar Light Photovoltaic System Monitor
HWSinapsitechwszystkie wersjeSinapsitech Esolar Photovoltaic System Monitor
HWSinapsitechwszystkie wersjeSinapsitech Sinapsi Firmware
OSSinapsitech≤ 2.0.2870
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2012-5861HIGH7.8ten sam produkt
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL ta...
CVE-2012-5863HIGH10.0ten sam produkt
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain ...
CVE-2012-5864HIGH9.4ten sam produkt
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. ...