CVE-2023-32274

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 20, 2023
Updated: Jun 28, 2023
CWE ID 798

Summary

CVE-2023-32274 is a vulnerability affecting Enphase Installer Toolkit version 3.27.0. The issue involves hard-coded credentials embedded in the Android application's binary code. An attacker who gains access to the toolkit can exploit these credentials and obtain sensitive information. This vulnerability poses a significant risk, as the hard-coded credentials bypass the usual authentication processes, making it easier for unauthorized users to gain unauthorized access. Users are encouraged to update their toolkit to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share