CVE-2023-32274
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Enphase | Enphase Installer Toolkit | 3.27.0 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
Users of the affected product are encouraged to contact Enphase Energy support https://support.enphase.com/s/contact-us for additional information.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.