Mojave Inverter Oghi8048A Firmware
CVE-2025-26473
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
The Mojave Inverter uses the GET method for sensitive information.
AnalysisAI
The Mojave Inverter uses the GET method for sensitive information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-598. The Mojave Inverter uses the GET method for sensitive information. Affected products include: Outbackpower Mojave Inverter Oghi8048A Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An attacker may inject commands via specially-crafted post requests. Rated high severity (CVSS 8.7), this vulnerability
An attacker may modify the URL to discover sensitive information about the target network. Rated high severity (CVSS 8.7
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today