| タイトル | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function |
|---|
| 説明 | The EG3000 energy monitoring device exposes multiple unauthenticated web interfaces, allowing unauthorized actors to retrieve sensitive operational and user data without authentication. This violates the principle of least privilege and exposes three categories of critical information:
Energy Usage Data: Real-time and historical electricity consumption patterns, potentially revealing occupancy habits or business operations.
Network Configuration: Device network settings, including connectivity details that could facilitate lateral network movement.
System Telemetry: Software environment details (OS, packages) that may aid further exploit development. |
|---|
| ソース | ⚠️ https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC |
|---|
| ユーザー | zeke (UID 84610) |
|---|
| 送信 | 2025年05月27日 17:41 (11 月 ago) |
|---|
| モデレーション | 2025年06月08日 19:46 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 311631 [eGauge EG3000 Energy Monitor 3.6.3 Setting 弱い認証] |
|---|
| ポイント | 20 |
|---|