← Back

Envoy

envoy

Vendor: Enphase • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7678
1Enphase
1Envoy
Nov 21, 2024
Feb 9, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
CVE-2019-7677
1Enphase
1Envoy
Nov 21, 2024
Feb 9, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
CVE-2019-7676
1Enphase
1Envoy
Nov 21, 2024
Feb 9, 2019
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.