Sam Sabetan

Researcher from Mandiant
#16154 of 53,632
16.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2021-12846
8.8
2021-02-17
Tesla · Tesla Solarcity Solar Monitoring Gateway · CVE-2020-9306
**Name of the Vulnerable Software and Affected Versions** Tesla SolarCity Solar Monitoring Gateway versions through 5.46.43
**Description** The issue is related to the use of hard-coded credentials. Specifically, Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the `python` user account.
**Recommendations** For Tesla SolarCity Solar Monitoring Gateway versions through 5.46.43, consider removing or securely storing the hard-coded credentials in the .pyc file used by Digi ConnectPort X2e to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-9475
7.8
2021-02-17
Digi · Digi Connectport X2E · CVE-2020-12878
**Name of the Vulnerable Software and Affected Versions** Digi ConnectPort X2e versions prior to 3.2.30.6
**Description** The issue allows an attacker to escalate privileges from the `python` user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
**Recommendations** For versions prior to 3.2.30.6, update to version 3.2.30.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /WEB/python/.ssh directory and the S50dropbear.sh script to minimize the risk of exploitation.