CVE-2012-5862

Sinapsi - Info Disclosure

Title source: llm

Description

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Exploits (1)

exploitdb WRITEUP

by Roberto Paleari · textwebappsphp

https://www.exploit-db.com/exploits/21273

View Code ZIP pw:eip

References (6)

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01

[Exploit] http://www.exploit-db.com/exploits/21273/

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80200

[Various Sources] http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88

Scores

EPSS 0.1826

EPSS Percentile 95.2%

Details

CWE

CWE-259 CWE-310

Status published

Products (7)

Sinapsi/eSolar < 2.0.2870_xxx_2.2.12

Sinapsi/eSolar DUO < 2.0.2870_xxx_2.2.12

Sinapsi/eSolar Light < 2.0.2870_xxx_2.2.12

sinapsitech/esolar_duo_photovoltaic_system_monitor

sinapsitech/esolar_light_photovoltaic_system_monitor

sinapsitech/esolar_photovoltaic_system_monitor

sinapsitech/sinapsi_firmware < 2.0.2870

Published Nov 23, 2012

Tracked Since Feb 18, 2026