CVE-2020-9306 Information

Jun 07, 2022 cve

Description

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a �se of Hard-coded Credentials\ issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.fireeye.com/blog/threat-research.html https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: