Enphase IQ Gateway Firmware vulnerabilities
5 known vulnerabilities affecting enphase/iq_gateway_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-21878 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | ≥ 4.0, < 8.2.4225 | 2024-08-12
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.
nvd
CVE-2024-21879 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 4.0, < 8.2.4225 | 2024-08-12
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
nvd
CVE-2024-21876 | P3 | CRITICAL | CVSS 9.1 | CWE-22 | ≥ 4.0, < 8.2.4225 | 2024-08-12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
nvd
CVE-2024-21880 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 4.0, ≤ 7.3.120 | 2024-08-12
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue affects Envoy: 4.x <= 7.x
nvd
CVE-2024-21877 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ 4.0, < 8.2.4225 | 2024-08-12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
nvd