VYPR

Solar Inverter

by SAJ

CVEs (3)

  • CVE-2019-19228CriDec 4, 2019
    risk 0.64cvss 9.8epss 0.02

    Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

  • CVE-2018-12735HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI.

  • CVE-2019-19229MedDec 4, 2019
    risk 0.42cvss 6.5epss 0.02

    admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.