PT-2024-19107 · Enphase · Enphase Iq Gateway
Frank Breedijk +2 · Published 2024-08-10 · Updated 2024-08-23
CVE-2024-21876
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H
Name of the Vulnerable Software and Affected Versions
Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x, prior to 8.2.4225
Description
Enphase IQ Gateway (formerly known as Envoy) contains a path traversal vulnerability that allows an unauthenticated attacker to access or create arbitrary files via a URL parameter. Attackers can exploit it to compromise exposed systems.
Recommendations
For Enphase IQ Gateway versions 4.x through 8.x prior to 8.2.4225, upgrade to version 8.2.4225 or later to mitigate the threat.
As a temporary workaround, consider restricting access to the vulnerable URL parameter until a patch is available.
Avoid using the vulnerable URL parameter in the affected Enphase IQ Gateway until the issue is resolved.
Fix
Path traversal
Affected Products
Enphase Iq Gateway