PT-2024-19109 · Enphase · Enphase Iq Gateway

Frank Breedijk +2 · Published 2024-08-10 · Updated 2024-08-23 · CVE-2024-21878

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x

Description: The issue is an improper neutralization of special elements used in a command, which allows OS command injection. The vulnerability is present in an internal script and poses a serious threat, as attackers can exploit a flaw in these scripts.

Recommendations: For Enphase IQ Gateway (formerly known as Envoy) versions 4.x through 8.x, there is currently no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-21878

Affected Products: Enphase Iq Gateway