eGauge EG3000 Energy Monitor Missing Authentication Vulnerability
Vulnerability
A vulnerability exists in the eGauge EG3000 Energy Monitor version 3.6.3, where multiple web interfaces lack authentication. This flaw allows unauthorized users to access sensitive operational and user data, including real-time and historical energy consumption patterns, network configuration details, and system telemetry information. The vulnerability, classified as CWE-306 (Missing Authentication for Critical Function), can be exploited remotely without any form of authentication.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive data, including energy usage patterns, network configuration details, and system telemetry information. Such access could violate privacy by disclosing personal or business-related behaviors and expand the attack surface by providing information that could be used to exploit other vulnerabilities.
Remediation
It is recommended to implement restrictive firewall rules to block unauthorized access to the device's web interfaces.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.