Sinapsi Firmware
CVE-2012-5864
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:N
Lifecycle Timeline
1DescriptionCVE.org
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
AnalysisAI
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges. Affected products include: Sinapsitech Sinapsi Firmware, Sinapsitech Esolar Duo Photovoltaic System Monitor, Sinapsitech Esolar Light Photovoltaic System Monitor, Sinapsitech Esolar Photovoltaic System Monitor.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Sinapsi Firmware
View allThese Sinapsi devices store hard-coded passwords in the PHP file of the device. Rated critical severity (CVSS 10.0), thi
These Sinapsi devices do not check for special elements in commands sent to the system. Rated critical severity (CVSS 10
These Sinapsi devices do not check the validity of the data before executing queries. Rated high severity (CVSS 7.8), th
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today