The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
Authentication Bypass
Eos Box Photovoltaic Monitoring System Firmware
Eos Box Photovoltaic Monitoring System
NVD
CVSS 2.0
10.0
EPSS
0.2%