CVE-2023-32274

Summary

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
EnphaseEnphase Installer Toolkit3.27.0affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

Users of the affected product are encouraged to contact Enphase Energy support https://support.enphase.com/s/contact-us  for additional information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References