| tiêu đề | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function |
|---|
| Mô tả | The EG3000 energy monitoring device exposes multiple unauthenticated web interfaces, allowing unauthorized actors to retrieve sensitive operational and user data without authentication. This violates the principle of least privilege and exposes three categories of critical information:
Energy Usage Data: Real-time and historical electricity consumption patterns, potentially revealing occupancy habits or business operations.
Network Configuration: Device network settings, including connectivity details that could facilitate lateral network movement.
System Telemetry: Software environment details (OS, packages) that may aid further exploit development. |
|---|
| Nguồn | ⚠️ https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC |
|---|
| Người dùng | zeke (UID 84610) |
|---|
| Đệ trình | 27/05/2025 17:41 (cách đây 11 các tháng) |
|---|
| Kiểm duyệt | 08/06/2025 19:46 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 311631 [eGauge EG3000 Energy Monitor 3.6.3 Setting xác thực yếu] |
|---|
| điểm | 20 |
|---|