Vulnerability Details CVE-2024-21877
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-21877
-
cpe:2.3:h:enphase:iq_gateway:-
-
cpe:2.3:o:enphase:iq_gateway_firmware:4.0
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.107
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.110
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.153
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.155
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.88
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.93
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.120
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.76
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.78
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.28
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.29