Metrics
Affected Vendors & Products
Solution
Devices are remotely being updated by the vendor.
Workaround
It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network. This will ensure that the likelihood of any attacks that can get access to the OS and thus abuse this vulnerability is reduced.
Fri, 23 Aug 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
Weaknesses | CWE-78 | |
CPEs | cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:* cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
Metrics |
cvssV3_1
|
Mon, 12 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase
Enphase envoy |
|
CPEs | cpe:2.3:h:enphase:envoy:*:*:*:*:*:*:*:* | |
Vendors & Products |
Enphase
Enphase envoy |
|
Metrics |
ssvc
|
Sat, 10 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched. | |
Title | Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x | |
Weaknesses | CWE-77 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: DIVD
Published:
Updated: 2025-03-11T13:38:31.973Z
Reserved: 2024-01-02T18:30:11.174Z
Link: CVE-2024-21878

Updated: 2024-08-12T14:30:39.302Z

Status : Analyzed
Published: 2024-08-12T13:38:15.107
Modified: 2024-08-23T17:52:11.777
Link: CVE-2024-21878

No data.

No data.