CVE-2025-26473 affects the Outback Power Mojave Inverter and was published by CISA on 2025-02-13. The advisory states that the device uses the GET method for sensitive information, which can expose confidentiality-sensitive data. CISA assigns the issue a CVSS 3.1 score of 7.5 (HIGH) and recommends disabling the product’s networking features until a replacement product can be acquired.
CVE-2025-24861 covers a command injection issue in the Outback Power Mojave Inverter. CISA’s advisory says an attacker may inject commands via specially crafted POST requests, and the supplied remediation recommends disabling the product’s networking features until a replacement can be acquired. The advisory was published on 2025-02-13 and the supplied metadata does not list the issue in CISA’s Known Expl [truncated]
