CVE-2012-5862
published 2012-11-23

Priority: P263 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 11.95% (95.6th percentile)

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sinapsi | esolar | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_duo | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_light | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsitech | sinapsi_firmware | <= 2.0.2870 | |

Detection & IOCs (extracted from sources)

path: /dettagliinverter.php?primo=primo&inverterselect=3
path: /changelanguagesession.php
path: /login.php
path: /ping.php
command: curl "http:///ping.php?ping=ok" -d "ip_dominio=192.168.1.1 -n 1 %26 dir"
other: hardcoded password: 36e44c9b64 (decrypted from crypt hash satIZufhIrUfk)
other: hardcoded password: astridservice (for customization 'astrid')
other: hardcoded password hash: saF8bay.tvfOk (username: sinapsi, password: sinapsi)

  • Monitor HTTP GET requests to /dettagliinverter.php with the 'inverterselect' parameter for SQL injection payloads (e.g., quotes, UNION, comment sequences).
  • Monitor HTTP POST requests to /changelanguagesession.php for SQL injection in the 'lingua' parameter.
  • Detect command injection attempts against /ping.php via the 'ip_dominio' POST parameter; look for shell metacharacters such as '&', ';', '|', '%26' in the parameter value.
  • Alert on unauthenticated access to /ping.php — the device does not verify session authentication before serving this page, making it directly exploitable without login.
  • Flag login attempts to login.php using the known hard-coded passwords '36e44c9b64', 'astridservice', or 'sinapsi', regardless of the supplied username.
  • Hard-coded passwords are embedded in the PHP source of login.php and cannot be changed or removed by the user; patching requires a firmware update to version 2.0.2870_2.2.12 or later.
  • The vulnerability affects all analyzed firmware versions of the Sinapsi eSolar, eSolar DUO, and eSolar Light, as well as rebranded OEM variants from other manufacturers.
  • Passwords in the SQL database are stored in plain text, meaning successful SQL injection against dettagliinverter.php directly yields cleartext credentials.