17 matches found
Tigo Energy Cloud Connect Advanced Command Injection Vulnerability
The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...
CVE-2025-7770
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2025-7769
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary...
Tigo Energy CCA Command Injection
This repository contains a proof-of-concept exploit for CVE‑2025‑7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...
CVE-2025-7768
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...
CVE-2025-7769
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary...
CVE-2025-7770
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2025-7769 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary...
Tigo Energy Cloud Connect Advanced Security Vulnerability
Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A security vulnerability exists in Tigo Energy Cloud Connect Advanced that stems from insecure session ID generation that could lead to unauthorized access...
Tigo Energy Cloud Connect Advanced Trust Management Issue Vulnerability
Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A trust management issue vulnerability exists in Tigo Energy Cloud Connect Advanced, which stems from hard-coded credentials and could lead to elevated privileges...
Tigo Energy Cloud Connect Advanced Command Injection Vulnerability
The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on August 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-217-01 Mitsubishi Electric Iconics Digital Solutions Multiple Products ICSA-25-217-02 Ti...
PT-2025-32227 · Tigo Energy · Tigo Energy Cca
Name of the Vulnerable Software and Affected Versions: Tigo Energy CCA (affected versions not specified). Description: The Tigo Energy CCA is susceptible to a command injection issue in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. This allows for remote code execution du...
PT-2025-32226 · Tigo Energy · Cloud Connect Advanced
Name of the Vulnerable Software and Affected Versions: Tigo Energy Cloud Connect Advanced (CCA) (affected versions not specified). Description: Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This allows...
PT-2025-32228 · Tigo Energy · Tigo Energy Cca
Name of the Vulnerable Software and Affected Versions: Tigo Energy CCA device (affected versions not specified). Description: The Tigo Energy CCA device is susceptible to insecure session ID generation within its remote API. Session IDs are created using a predictable method based on the current...