CVE-2024-21880

Name of the Vulnerable Software and Affected Versions Enphase IQ Gateway (formerly known as Enphase) versions 4.x through 7.x

Description The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This vulnerability can be exploited via the url parameter of an authenticated endpoint, allowing OS Command Injection.

Recommendations For versions 4.x through 7.x, update the system's security measures promptly to ensure the vulnerability is resolved. As a temporary workaround, consider restricting access to the authenticated endpoint until a patch is available. Avoid using the url parameter in the affected endpoint until the issue is resolved.