Every CVE whose affected-product data names Enphase Envoy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-7678 — CVSS 9.8 (critical): A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port…
CVE-2019-7676 — CVSS 7.2 (high): A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin…
CVE-2019-7677 — CVSS 6.1 (medium): XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.