Metrics
Affected Vendors & Products
Solution
Devices are remotely being updated by the vendor.
Workaround
It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.
Fri, 23 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
CPEs | cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:* cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
Metrics |
cvssV3_1
|
Mon, 12 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase
Enphase envoy |
|
CPEs | cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:* | |
Vendors & Products |
Enphase
Enphase envoy |
|
Metrics |
ssvc
|
Sat, 10 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225. | |
Title | Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225 | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: DIVD
Published:
Updated: 2025-03-11T13:38:26.399Z
Reserved: 2024-01-02T18:30:11.174Z
Link: CVE-2024-21877

Updated: 2024-08-12T12:52:47.607Z

Status : Analyzed
Published: 2024-08-12T13:38:14.980
Modified: 2024-08-23T18:06:45.520
Link: CVE-2024-21877

No data.

No data.