Metrics
Affected Vendors & Products
Solution
Devices are remotely being updated by the vendor.
Workaround
It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.
Fri, 23 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
CPEs | cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:* cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
Metrics |
cvssV3_1
|
Mon, 12 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase
Enphase envoy |
|
CPEs | cpe:2.3:h:enphase:envoy:*:*:*:*:*:*:*:* | |
Vendors & Products |
Enphase
Enphase envoy |
|
Metrics |
ssvc
|
Sat, 10 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | |
Title | Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225 | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: DIVD
Published:
Updated: 2025-03-11T13:38:30.594Z
Reserved: 2024-01-02T18:30:11.174Z
Link: CVE-2024-21876

Updated: 2024-08-12T15:38:53.056Z

Status : Analyzed
Published: 2024-08-12T13:38:14.743
Modified: 2024-08-23T18:05:55.543
Link: CVE-2024-21876

No data.

No data.