CVE-2020-25755

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:enphase:envoy_firmware:d4.0:*:*:*:*:*:*:*
cpe:2.3:o:enphase:envoy_firmware:r3.0:*:*:*:*:*:*:*
cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-16 19:15

Updated : 2022-05-03 16:04


NVD link : CVE-2020-25755

Mitre link : CVE-2020-25755

CVE.ORG link : CVE-2020-25755


JSON object : View

Products Affected

enphase

  • envoy_firmware
  • envoy
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')