Page 2 of 8 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. Se ha descubierto una vulnerabilidad de salto de directorio en Enphase Envoy R3.*.* mediante images/, include/, include/js o include/css en el puerto TCP 8888. • https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. Existe Cross-Site Scripting (XSS) en Enphase Envoy R3.*.* mediante el parámetro profileName en el URI /home en el puerto TCP 8888. • https://github.com/pudding2/enphase-energy/blob/master/XSS-exp.txt https://github.com/pudding2/enphase-energy/blob/master/XSS.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. Se ha descubierto una vulnerabilidad de contraseña débil en Enphase Envoy R3.*.*. Se puede iniciar sesión mediante el puerto TCP 8888 con la contraseña "admin" para la cuenta de administrador. • https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png • CWE-521: Weak Password Requirements •