← Back

CVE-2012-5864

nvd nist
Published: Nov 23, 2012Modified: Apr 29, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.

Affected (4)

Sinapsitech
4 products
Sinapsi Firmware
Esolar Duo Photovoltaic System Monitor
Esolar Light Photovoltaic System Monitor
Esolar Photovoltaic System Monitor
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Sinapsi Firmware
Up to 2.0.2870
Esolar Duo Photovoltaic System Monitor
All versions
Esolar Light Photovoltaic System Monitor
All versions
Esolar Photovoltaic System Monitor
All versions

Related CWEs

CWE-264
CWE-264
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

Source: ics-cert@hq.dhs.gov
Exploit
Source: ics-cert@hq.dhs.gov
Exploit
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.