Vulnerability Details CVE-2024-21876
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2024-21876
-
cpe:2.3:h:enphase:iq_gateway:-
-
cpe:2.3:o:enphase:iq_gateway_firmware:4.0
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.107
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.110
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.153
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.155
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.88
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.93
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.120
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.76
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.78
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.28
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.29