CVE-2019-7678
https://notcve.org/view.php?id=CVE-2019-7678
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
• https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png
• https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7677
https://notcve.org/view.php?id=CVE-2019-7677
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
• https://github.com/pudding2/enphase-energy/blob/master/XSS-exp.txt
• https://github.com/pudding2/enphase-energy/blob/master/XSS.png
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7676
https://notcve.org/view.php?id=CVE-2019-7676
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can log in via TCP port 8888 with the password "admin" for the admin account.
• https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt
• https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png
• https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png
• CWE-521: Weak Password Requirements