PT-2019-18701 · Enphase · Enphase Envoy

Published

2019-02-09

Updated

2019-02-12

CVE-2019-7678

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Enphase Envoy versions R3..

Description A directory traversal issue was found, which can be exploited via specific directories such as "images/", "include/", "include/js", or "include/css" on TCP port 8888.

Recommendations For Enphase Envoy version R3.., consider restricting access to the vulnerable directories until a patch is available. As a temporary workaround, limit access to TCP port 8888 to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-7678

Affected Products

Enphase Envoy

PT-2019-18701 · Enphase · Enphase Envoy

CVE-2019-7678

Weakness Enumeration

Related Identifiers

Affected Products

References · 4