EG4 Electronics Inverters Product Registration Status Information Disclosure Vulnerability
Vulnerability
A vulnerability exists in the public-facing product registration endpoint of EG4 Electronics inverters. The server's response varies based on the registration status of the serial number (S/N), which is assigned sequentially. This discrepancy allows an attacker to infer the registration status of different S/Ns. The vulnerability affects all versions of the following EG4 inverters: 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP, and GridBoss.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure regarding the product registration status of various serial numbers, potentially allowing for targeted attacks based on this information.
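Added example (not from EG4 or this advisory): because serial numbers are assigned sequentially, a client inferring registration status tends to query runs of consecutive S/Ns, which a defender can look for in access logs for the registration endpoint. The log format, the `/register/check` path, the serial values and the `min_run` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines. The format and the /register/check
# path are hypothetical and do not describe EG4's real endpoint.
SAMPLE_LOG = """\
203.0.113.7 POST /register/check sn=4400001021
203.0.113.7 POST /register/check sn=4400001022
203.0.113.7 POST /register/check sn=4400001024
203.0.113.7 POST /register/check sn=4400001023
198.51.100.20 POST /register/check sn=4400317755
203.0.113.7 POST /register/check sn=4400001025
203.0.113.7 POST /register/check sn=4400001025
203.0.113.7 POST /register/check sn=4400001026
198.51.100.20 POST /register/check sn=4400562210
192.0.2.44 POST /register/check sn=4400009001
"""

LINE_RE = re.compile(r"^(\S+) \S+ /register/check sn=(\d+)$")


def longest_run(values):
    """Length of the longest run of consecutive integers in values."""
    present = set(values)
    best = 0
    for v in present:
        if v - 1 in present:
            continue  # not the start of a run
        length = 1
        while v + length in present:
            length += 1
        best = max(best, length)
    return best


def flag_enumeration(log_text, min_run=5):
    """Map client -> run length for clients that queried at least
    min_run consecutive serial numbers (order and repeats ignored)."""
    serials_by_client = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            serials_by_client[match.group(1)].add(int(match.group(2)))
    flagged = {}
    for client, serials in serials_by_client.items():
        run = longest_run(serials)
        if run >= min_run:
            flagged[client] = run
    return flagged
```

An installer registering a batch of units can also produce a short consecutive run, so `min_run` should be tuned against normal registration traffic before alerting on it.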
