CVE-2020-25753
The CVE-2020-25753 entry concerns Enphase Envoy R3.x and D4.x devices running v3 software. The issue arises from a default admin password set to the last 6 digits of the serial number, and the serial number is retrievable by an unauthenticated user at /info.xml. This combination creates a credent...