Envoy 安全漏洞

Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2, and prior versions, which stems from the mTLS certificate matcher incorrectly handling certificates embedded with null bytes, whic...

EUVD-2020-18406

Malware in sbrugna...

EUVD-2020-18403

Malware in sbrugna...

EUVD-2019-17209

Malware in sbrugna...

EUVD-2020-18405

Malware in sbrugna...

EUVD-2020-18404

Malware in sbrugna...

EUVD-2019-17210

Malware in sbrugna...

EUVD-2019-17208

Malware in sbrugna...

EUVD-2024-19488

Malicious code in bioql PyPI...

EUVD-2023-36528

Malicious code in bioql PyPI...

EUVD-2024-19491

Malicious code in bioql PyPI...

EUVD-2024-19490

Malicious code in bioql PyPI...

EUVD-2023-38019

Malicious code in bioql PyPI...

EUVD-2024-19487

Malicious code in bioql PyPI...

EUVD-2024-19489

Malicious code in bioql PyPI...

CVE-2023-33869

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

CVE-2020-25754

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...

CVE-2020-25752

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...

CVE-2020-25755

An issue was discovered on Enphase Envoy R3.x and D4.x and other current devices. The upgradestart function in /installer/upgradestart allows remote authenticated users to execute arbitrary commands via the force parameter...

CVE-2020-25753

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml...