VYPR
Medium severity5.3NVD Advisory· Published Jun 16, 2021· Updated Jun 17, 2026

CVE-2020-25752

CVE-2020-25752

Description

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Enphase/Envoydescription
  • Enphase/Envoyllm-fuzzy
    Range: R3.x and D4.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.