Enphase Envoy Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Enphase Envoy Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-25753 — CVSS 9.8 (critical): An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of…
CVE-2020-25755 — CVSS 8.8 (high): An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start…
CVE-2020-25754 — CVSS 7.5 (high): An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents…
CVE-2023-33869 — CVSS 6.3 (medium): Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.
CVE-2020-25752 — CVSS 5.3 (medium): An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase…