Iq Gateway Firmware

iq_gateway_firmware

Vendor: Enphase • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21880 1Enphase 1Iq Gateway Firmware Aug 23, 2024 Aug 12, 2024 8.6 HIGH· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Inje...Show more Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.xShow less
CVE-2024-21879 1Enphase 1Iq Gateway Firmware Aug 23, 2024 Aug 12, 2024 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Inj...Show more Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.Show less
CVE-2024-21878 1Enphase 1Iq Gateway Firmware Aug 23, 2024 Aug 12, 2024 9.2 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal...Show more Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.Show less
CVE-2024-21877 1Enphase 1Iq Gateway Firmware Aug 23, 2024 Aug 12, 2024 9.2 CRITICAL· v4 6.5 MEDIUM· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authent...Show more Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.Show less
CVE-2024-21876 1Enphase 1Iq Gateway Firmware Aug 23, 2024 Aug 12, 2024 9.3 CRITICAL· v4 9.1 CRITICAL· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbit...Show more Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.Show less