CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
79.3%
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
Vendor | Product | Version | CPE |
---|---|---|---|
carlosgavazzi | eos-box_photovoltaic_monitoring_system_firmware | * | cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:* |
carlosgavazzi | eos-box_photovoltaic_monitoring_system | - | cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:* |