VYPR

Solar Inverter

by Fronius

CVEs (2)

  • CVE-2019-19228CriDec 4, 2019
    risk 0.64cvss 9.8epss 0.02

    Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

  • CVE-2019-19229MedDec 4, 2019
    risk 0.42cvss 6.5epss 0.02

    admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.