The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:N/A:NCarlosgavazzi Eos Box Photovoltaic Monitoring System
HWCarlosgavazziwszystkie wersjeCarlosgavazzi Eos Box Photovoltaic Monitoring System Firmware
OSCarlosgavazzi≤ 1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2012-6428HIGH10.0ten sam produkt
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-code...
CVE-2017-5144CRITICAL9.8ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...
CVE-2017-5145CRITICAL10.0ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...
CVE-2017-5146HIGH7.5ten sam vendor
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to fir...