Sign-up

ID

VAR-201902-0281


CVE

CVE-2019-7676


TITLE

Enphase Envoy Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-001891

DESCRIPTION

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. Enphase Envoy Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Enphase Envoy is the core home energy control gateway in Enphase Energy's home energy solution. Allows remote attackers to use vulnerabilities to submit special requests and unauthorized access to applications

Trust: 2.16

sources: NVD: CVE-2019-7676 // JVNDB: JVNDB-2019-001891 // CNVD: CNVD-2019-06658

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06658

AFFECTED PRODUCTS

vendor:enphasemodel:envoyscope:gteversion:3.0.0

Trust: 1.0

vendor:enphasemodel:envoyscope:lteversion:3.9.0

Trust: 1.0

vendor:enphase energymodel:envoyscope:eqversion:r3

Trust: 0.8

vendor:enphasemodel:energy enphase envoyscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06658 // JVNDB: JVNDB-2019-001891 // NVD: CVE-2019-7676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7676
value: HIGH

Trust: 1.0

NVD: CVE-2019-7676
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-06658
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201902-195
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-7676
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06658
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-7676
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-06658 // JVNDB: JVNDB-2019-001891 // CNNVD: CNNVD-201902-195 // NVD: CVE-2019-7676

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2019-001891 // NVD: CVE-2019-7676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-195

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201902-195

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001891

PATCH
title:Top Pageurl:https://enphase.com/en-us
Trust: 0.8
title:Enphase Envoy has weak password vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/153715
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06658 // 
            
            
            
            JVNDB: JVNDB-2019-001891

EXTERNAL IDS
db:NVDid:CVE-2019-7676
Trust: 3.0
db:JVNDBid:JVNDB-2019-001891
Trust: 0.8
db:CNVDid:CNVD-2019-06658
Trust: 0.6
db:CNNVDid:CNNVD-201902-195
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06658 // 
            
            
            
            JVNDB: JVNDB-2019-001891 // 
            
            
            
            CNNVD: CNNVD-201902-195 // 
            
            
            
            NVD: CVE-2019-7676

REFERENCES
url:https://github.com/pudding2/enphase-energy/blob/master/weak_password.txt
Trust: 2.4
url:https://github.com/pudding2/enphase-energy/blob/master/weak_password_1.png
Trust: 2.4
url:https://github.com/pudding2/enphase-energy/blob/master/weak_password_2.png
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-7676
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7676
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-001891 // 
            
            
            
            CNNVD: CNNVD-201902-195 // 
            
            
            
            NVD: CVE-2019-7676

SOURCES
db:CNVDid:CNVD-2019-06658
db:JVNDBid:JVNDB-2019-001891
db:CNNVDid:CNNVD-201902-195
db:NVDid:CVE-2019-7676

LAST UPDATE DATE
2024-11-23T22:55:39.775000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-06658date:2019-03-12T00:00:00
db:JVNDBid:JVNDB-2019-001891date:2019-03-28T00:00:00
db:CNNVDid:CNNVD-201902-195date:2020-08-25T00:00:00
db:NVDid:CVE-2019-7676date:2024-11-21T04:48:31.270

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-06658date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-001891date:2019-03-28T00:00:00
db:CNNVDid:CNNVD-201902-195date:2019-02-09T00:00:00
db:NVDid:CVE-2019-7676date:2019-02-09T22:29:00.510