Tesla · Tesla Solarcity Solar Monitoring Gateway · CVE-2020-9306
Name of the Vulnerable Software and Affected Versions:
Tesla SolarCity Solar Monitoring Gateway versions through 5.46.43
Description:
The issue is related to the use of hard-coded credentials. Specifically, Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the `python` user account.
Recommendations:
For Tesla SolarCity Solar Monitoring Gateway versions through 5.46.43, consider removing or securely storing the hard-coded credentials in the .pyc file used by Digi ConnectPort X2e to mitigate the risk.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.