How severe is CVE-2020-25752?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-25752?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2020-25752

MEDIUM Year: 2020

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-798

View all →

Vulnerability Description

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords.

CVE-2013-1603

MEDIUM

CVSS:5.3(Medium)

An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-523...

CWE-7982013

CVE-2017-10616

MEDIUM

CVSS:5.3(Medium)

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior t...

CWE-7982017

CVE-2017-12709

MEDIUM

CVSS:5.3(Medium)

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, ...

CWE-7982017

CVE-2017-2720

MEDIUM

CVSS:5.3(Medium)

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increas...

CWE-7982017

CVE-2018-0329

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote att...

CWE-7982018

CVE-2019-18831

MEDIUM

CVSS:5.3(Medium)

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate.

CWE-7982019

CVE-2020-25752

Vulnerability Description

Related Vulnerabilities

CVE-2013-1603

CVE-2017-10616

CVE-2017-12709

CVE-2017-2720

CVE-2018-0329

CVE-2019-18831