Cybersecurity

ENSA-2023-1: Hard-coded credentials in Enphase Installer App (ITK) 3.27.0

Advisory ID:
ENSA-2023-1

CVSSv3:
8.6

Issue date:
2023-06-27

Updated on:
2023-06-27 (initial advisory)

CVE(s):
CVE-2023-32274

Synopsis:
Enphase Installer App 3.30.1 addresses hard-coded credentials embedded in binary code in Enphase Installer App 3.27.0


1. Impacted product

Enphase Installer App 3.27.0

2. Introduction

CISA published an advisory identifying hard-coded credentials in binary code in Enphase Installer App 3.27.0. An update is available to address this issue.

3. Summary

Description:
Enphase Installer App 3.27.0 contains hard-coded credentials in binary code that may allow an attacker to access information or write information to Enphase systems. CISA has evaluated the severity of this issue to be high with a CVSSv3 base score of 8.6.

Known attack vectors:
A malicious actor may be able to exploit the hard-coded credentials to access information or write information to Enphase systems.

Resolution:
Upgrading the Enphase Installer App 3.27.0 to 3.30.1 or newer through the Apple App Store or Google Play Store, and revocation of hard-coded credentials.

Workarounds:
None.

Additional documentation:
None.

Acknowledgments:
Enphase would like to thank the anonymous researcher “OBSWCY3F” for reporting this issue.

Notes:
None.

4. References

Enphase Installer App 3.30.1 release notes


5. Change log

2023-06-27 ENSA-2023-1: Initial security advisory.

6. Contact and information

cybersecurity@enphase.com
Enphase security advisories
Enphase vulnerability reporting
Enphase documentation center