CVE-2025-7768
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tigo Energy | Cloud Connect Advanced | 0 <= 4.0.1 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.
Visit Tigo Energy's Help Center https://support.tigoenergy.com/hc/en-us for more specific security recommendations.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.