Advisory ID:
ENSA-2023-1
CVSSv3:
8.6
Issue date:
2023-06-27
Updated on:
2023-06-27 (initial advisory)
CVE(s):
CVE-2023-32274
Synopsis:
Enphase Installer App 3.30.1 addresses hard-coded credentials embedded in binary code in Enphase Installer App 3.27.0
1. Impacted product
Enphase Installer App 3.27.0
2. Introduction
CISA published an advisory identifying hard-coded credentials in binary code in Enphase Installer App 3.27.0. An update is available to address this issue.
3. Summary
Description:
Enphase Installer App 3.27.0 contains hard-coded credentials in binary code that may allow an attacker to access information or write information to Enphase systems. CISA has evaluated the severity of this issue to be high with a CVSSv3 base score of 8.6.
Known attack vectors:
A malicious actor may be able to exploit the hard-coded credentials to access information or write information to Enphase systems.
Resolution:
Upgrading the Enphase Installer App 3.27.0 to 3.30.1 or newer through the Apple App Store or Google Play Store, and revocation of hard-coded credentials.
Workarounds:
None.
Additional documentation:
None.
Acknowledgments:
Enphase would like to thank the anonymous researcher “OBSWCY3F” for reporting this issue.
Notes:
None.
4. References
Enphase Installer App 3.30.1 release notes
5. Change log
2023-06-27 ENSA-2023-1: Initial security advisory.
6. Contact and information
cybersecurity@enphase.com
Enphase security advisories
Enphase vulnerability reporting
Enphase documentation center