| Title | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function |
|---|
| Description | The EG3000 energy monitoring device exposes multiple unauthenticated web interfaces, allowing unauthorized actors to retrieve sensitive operational and user data without authentication. This violates the principle of least privilege and exposes three categories of critical information:
Energy Usage Data: Real-time and historical electricity consumption patterns, potentially revealing occupancy habits or business operations.
Network Configuration: Device network settings, including connectivity details that could facilitate lateral network movement.
System Telemetry: Software environment details (OS, packages) that may aid further exploit development. |
|---|
| Source | ⚠️ https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC |
|---|
| User | zeke (UID 84610) |
|---|
| Submission | 05/27/2025 17:41 (11 months ago) |
|---|
| Moderation | 06/08/2025 19:46 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 311631 [eGauge EG3000 Energy Monitor 3.6.3 Setting missing authentication] |
|---|
| Points | 20 |
|---|