CVE-2020-25755 - OpenCVE

An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Enphase	Envoy Firmware Envoy

Configuration 1 [-]

AND

OR	cpe:2.3:o:enphase:envoy_firmware:d4.0:::::::*
	cpe:2.3:o:enphase:envoy_firmware:r3.0:::::::*

cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*

References

Link	Resource
https://enphase.com/en-us/products-and-services/envoy-and-combiner	Product Vendor Advisory
https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a	Exploit Third Party Advisory
https://stage2sec.com	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-16T18:27:47

Updated: 2021-06-16T18:27:47

Reserved: 2020-09-18T00:00:00

Link: CVE-2020-25755

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-16T19:15:32.940

Modified: 2022-05-03T16:04:40.443

Link: CVE-2020-25755

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T18:27:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://enphase.com/en-us/products-and-services/envoy-and-combiner"}, {"tags": ["x_refsource_MISC"], "url": "https://stage2sec.com"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://enphase.com/en-us/products-and-services/envoy-and-combiner", "refsource": "MISC", "url": "https://enphase.com/en-us/products-and-services/envoy-and-combiner"}, {"name": "https://stage2sec.com", "refsource": "MISC", "url": "https://stage2sec.com"}, {"name": "https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a", "refsource": "MISC", "url": "https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25755", "datePublished": "2021-06-16T18:27:47", "dateReserved": "2020-09-18T00:00:00", "dateUpdated": "2021-06-16T18:27:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enphase:envoy_firmware:d4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0206722B-9144-4946-BC19-6DEA41645407", "vulnerable": true}, {"criteria": "cpe:2.3:o:enphase:envoy_firmware:r3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1B1A50F-6A90-493A-B997-138267FFAEB4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9FE4788-74CB-4DAB-ABF9-0C6D361E7B9B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Enphase Envoy versiones R3.x y D4.x (y otros actuales). La funci\u00f3n upgrade_start en la ruta /installer/upgrade_start permite a usuarios autenticados remotos ejecutar comandos arbitrarios por medio del par\u00e1metro force"}], "id": "CVE-2020-25755", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-16T19:15:32.940", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://enphase.com/en-us/products-and-services/envoy-and-combiner"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://stage2sec.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}