| عنوان | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function |
|---|
| الوصف | The EG3000 energy monitoring device exposes multiple unauthenticated web interfaces, allowing unauthorized actors to retrieve sensitive operational and user data without authentication. This violates the principle of least privilege and exposes three categories of critical information:
Energy Usage Data: Real-time and historical electricity consumption patterns, potentially revealing occupancy habits or business operations.
Network Configuration: Device network settings, including connectivity details that could facilitate lateral network movement.
System Telemetry: Software environment details (OS, packages) that may aid further exploit development. |
|---|
| المصدر | ⚠️ https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC |
|---|
| المستخدم | zeke (UID 84610) |
|---|
| ارسال | 27/05/2025 05:41 PM (11 أشهر منذ) |
|---|
| الاعتدال | 08/06/2025 07:46 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 311631 [eGauge EG3000 Energy Monitor 3.6.3 Setting توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|