CVE-2023-33869

Summary

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.

Affected Software

VendorProductVersion RangeStatus
EnphaseEnvoyD7.0.88affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

Workarounds

Users of the affected products are encouraged to contact Enphase Energy support https://support.enphase.com/s/contact-us  for additional information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References